Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
226dVJ2zRZ.exe

Overview

General Information

Sample name:226dVJ2zRZ.exe
renamed because original name is a hash value
Original sample name:af4b01a3849d9cc08f3b92f0246f0877.exe
Analysis ID:1372428
MD5:af4b01a3849d9cc08f3b92f0246f0877
SHA1:193232901c159e23ccece3758e8b9ef9586bcbac
SHA256:6c523ef93416b140bba0a146cec6fdfd44d95db5505b913fc5d2837dffe8f5fb
Tags:exenjratRAT
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
Disables zone checking for all users
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 226dVJ2zRZ.exe (PID: 6888 cmdline: C:\Users\user\Desktop\226dVJ2zRZ.exe MD5: AF4B01A3849D9CC08F3B92F0246F0877)
  • 226dVJ2zRZ.exe (PID: 4564 cmdline: "C:\Users\user\Desktop\226dVJ2zRZ.exe" .. MD5: AF4B01A3849D9CC08F3B92F0246F0877)
  • 226dVJ2zRZ.exe (PID: 5228 cmdline: "C:\Users\user\Desktop\226dVJ2zRZ.exe" .. MD5: AF4B01A3849D9CC08F3B92F0246F0877)
  • 226dVJ2zRZ.exe (PID: 5928 cmdline: "C:\Users\user\Desktop\226dVJ2zRZ.exe" .. MD5: AF4B01A3849D9CC08F3B92F0246F0877)
  • Java update.exe (PID: 5496 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe" MD5: AF4B01A3849D9CC08F3B92F0246F0877)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Install Dir": "TEMP", "Install Name": "System.exe", "Startup": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "Sluha", "Version": "Njrat 0.7 Golden By Hassan Amiri", "Network Seprator": "|Hassan|", "Mutex": "Windows Update", "Install Flag": "False"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
226dVJ2zRZ.exeJoeSecurity_NjratYara detected NjratJoe Security
    226dVJ2zRZ.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x7cbd:$a1: get_Registry
    • 0x93e2:$a2: SEE_MASK_NOZONECHECKS
    • 0x91f2:$a3: Download ERROR
    • 0x960a:$a4: cmd.exe /c ping 0 -n 2 & del "
    226dVJ2zRZ.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
    • 0x960a:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x9498:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
    • 0x908c:$x3: www.upload.ee/image/
    • 0x90e4:$x3: www.upload.ee/image/
    • 0x9140:$x3: www.upload.ee/image/
    • 0x8d8a:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x9480:$s2: /Server.exe
    • 0x9214:$s3: Executed As
    • 0x724d:$s5: Stub.exe
    • 0x91f2:$s6: Download ERROR
    • 0x8eb0:$s7: shutdown -r -t 00
    • 0x8d4c:$s8: Select * From AntiVirusProduct
    226dVJ2zRZ.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
    • 0x93e2:$reg: SEE_MASK_NOZONECHECKS
    • 0x91ce:$msg: Execute ERROR
    • 0x922e:$msg: Execute ERROR
    • 0x960a:$ping: cmd.exe /c ping 0 -n 2 & del

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJoeSecurity_NjratYara detected NjratJoe Security
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x7cbd:$a1: get_Registry
      • 0x93e2:$a2: SEE_MASK_NOZONECHECKS
      • 0x91f2:$a3: Download ERROR
      • 0x960a:$a4: cmd.exe /c ping 0 -n 2 & del "
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
      • 0x960a:$x1: cmd.exe /c ping 0 -n 2 & del "
      • 0x9498:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
      • 0x908c:$x3: www.upload.ee/image/
      • 0x90e4:$x3: www.upload.ee/image/
      • 0x9140:$x3: www.upload.ee/image/
      • 0x8d8a:$s1: winmgmts:\\.\root\SecurityCenter2
      • 0x9480:$s2: /Server.exe
      • 0x9214:$s3: Executed As
      • 0x724d:$s5: Stub.exe
      • 0x91f2:$s6: Download ERROR
      • 0x8eb0:$s7: shutdown -r -t 00
      • 0x8d4c:$s8: Select * From AntiVirusProduct
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
      • 0x93e2:$reg: SEE_MASK_NOZONECHECKS
      • 0x91ce:$msg: Execute ERROR
      • 0x922e:$msg: Execute ERROR
      • 0x960a:$ping: cmd.exe /c ping 0 -n 2 & del

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
        00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
        • 0x7abd:$a1: get_Registry
        • 0x91e2:$a2: SEE_MASK_NOZONECHECKS
        • 0x8ff2:$a3: Download ERROR
        • 0x940a:$a4: cmd.exe /c ping 0 -n 2 & del "
        00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmpNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
        • 0x91e2:$reg: SEE_MASK_NOZONECHECKS
        • 0x8fce:$msg: Execute ERROR
        • 0x902e:$msg: Execute ERROR
        • 0x940a:$ping: cmd.exe /c ping 0 -n 2 & del
        Process Memory Space: 226dVJ2zRZ.exe PID: 6888JoeSecurity_NjratYara detected NjratJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.0.226dVJ2zRZ.exe.740000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
            0.0.226dVJ2zRZ.exe.740000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
            • 0x7cbd:$a1: get_Registry
            • 0x93e2:$a2: SEE_MASK_NOZONECHECKS
            • 0x91f2:$a3: Download ERROR
            • 0x960a:$a4: cmd.exe /c ping 0 -n 2 & del "
            0.0.226dVJ2zRZ.exe.740000.0.unpackCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
            • 0x960a:$x1: cmd.exe /c ping 0 -n 2 & del "
            • 0x9498:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
            • 0x908c:$x3: www.upload.ee/image/
            • 0x90e4:$x3: www.upload.ee/image/
            • 0x9140:$x3: www.upload.ee/image/
            • 0x8d8a:$s1: winmgmts:\\.\root\SecurityCenter2
            • 0x9480:$s2: /Server.exe
            • 0x9214:$s3: Executed As
            • 0x724d:$s5: Stub.exe
            • 0x91f2:$s6: Download ERROR
            • 0x8eb0:$s7: shutdown -r -t 00
            • 0x8d4c:$s8: Select * From AntiVirusProduct
            0.0.226dVJ2zRZ.exe.740000.0.unpackNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
            • 0x93e2:$reg: SEE_MASK_NOZONECHECKS
            • 0x91ce:$msg: Execute ERROR
            • 0x922e:$msg: Execute ERROR
            • 0x960a:$ping: cmd.exe /c ping 0 -n 2 & del

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            Timestamp:192.168.2.43.66.38.11749738144022825564 01/10/24-15:15:10.440491
            SID:2825564
            Source Port:49738
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.69.157.22049729144022825563 01/10/24-15:12:05.997539
            SID:2825563
            Source Port:49729
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.69.157.22049729144022825564 01/10/24-15:12:59.702779
            SID:2825564
            Source Port:49729
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.66.38.11749738144022033132 01/10/24-15:14:13.439792
            SID:2033132
            Source Port:49738
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.418.197.239.10949739144022033132 01/10/24-15:15:17.445649
            SID:2033132
            Source Port:49739
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.68.171.11949737144022825563 01/10/24-15:13:09.896188
            SID:2825563
            Source Port:49737
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.418.197.239.10949739144022825564 01/10/24-15:16:00.002281
            SID:2825564
            Source Port:49739
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.68.171.11949737144022825564 01/10/24-15:14:03.879122
            SID:2825564
            Source Port:49737
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.69.157.22049729144022033132 01/10/24-15:12:05.817254
            SID:2033132
            Source Port:49729
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:192.168.2.43.68.171.11949737144022033132 01/10/24-15:13:09.716753
            SID:2033132
            Source Port:49737
            Destination Port:14402
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: 226dVJ2zRZ.exeAvira: detected
            Antivirus detection for dropped file
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeAvira: detection malicious, Label: TR/Dropper.Gen7
            Found malware configuration
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpackMalware Configuration Extractor: Njrat {"Install Dir": "TEMP", "Install Name": "System.exe", "Startup": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "Sluha", "Version": "Njrat 0.7 Golden By Hassan Amiri", "Network Seprator": "|Hassan|", "Mutex": "Windows Update", "Install Flag": "False"}
            Multi AV Scanner detection for domain / URL
            Source: 6.tcp.eu.ngrok.ioVirustotal: Detection: 8%Perma Link
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeVirustotal: Detection: 80%Perma Link
            Multi AV Scanner detection for submitted file
            Source: 226dVJ2zRZ.exeReversingLabs: Detection: 86%
            Source: 226dVJ2zRZ.exeVirustotal: Detection: 80%Perma Link
            Yara detected Njrat
            Source: Yara matchFile source: 226dVJ2zRZ.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 226dVJ2zRZ.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: 226dVJ2zRZ.exeJoe Sandbox ML: detected
            Source: 226dVJ2zRZ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 226dVJ2zRZ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Networking

            barindex
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49729 -> 3.69.157.220:14402
            Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49729 -> 3.69.157.220:14402
            Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49729 -> 3.69.157.220:14402
            Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49737 -> 3.68.171.119:14402
            Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49737 -> 3.68.171.119:14402
            Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49737 -> 3.68.171.119:14402
            Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49738 -> 3.66.38.117:14402
            Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49738 -> 3.66.38.117:14402
            Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49739 -> 18.197.239.109:14402
            Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49739 -> 18.197.239.109:14402
            Source: global trafficTCP traffic: 192.168.2.4:49729 -> 3.69.157.220:14402
            Source: global trafficTCP traffic: 192.168.2.4:49737 -> 3.68.171.119:14402
            Source: global trafficTCP traffic: 192.168.2.4:49738 -> 3.66.38.117:14402
            Source: global trafficTCP traffic: 192.168.2.4:49739 -> 18.197.239.109:14402
            Source: Joe Sandbox ViewIP Address: 3.66.38.117 3.66.38.117
            Source: Joe Sandbox ViewIP Address: 18.197.239.109 18.197.239.109
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownDNS traffic detected: queries for: 6.tcp.eu.ngrok.io

            E-Banking Fraud

            barindex
            Yara detected Njrat
            Source: Yara matchFile source: 226dVJ2zRZ.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 226dVJ2zRZ.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED

            Operating System Destruction

            barindex
            Protects its processes via BreakOnTermination flag
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: 01 00 00 00 Jump to behavior

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 226dVJ2zRZ.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
            Source: 226dVJ2zRZ.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
            Source: 226dVJ2zRZ.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
            Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeCode function: 0_2_02B2A6C00_2_02B2A6C0
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeCode function: 0_2_02B2EF800_2_02B2EF80
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeCode function: 0_2_02B2F5A80_2_02B2F5A8
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeCode function: 0_2_02B2A6B40_2_02B2A6B4
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4096714466.0000000000B5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 226dVJ2zRZ.exe
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4096698622.0000000000AF8000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs 226dVJ2zRZ.exe
            Source: 226dVJ2zRZ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 226dVJ2zRZ.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: 226dVJ2zRZ.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 226dVJ2zRZ.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: classification engineClassification label: mal100.phis.troj.adwa.evad.winEXE@5/4@4/4
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeMutant created: \Sessions\1\BaseNamedObjects\Windows Update
            Source: 226dVJ2zRZ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 226dVJ2zRZ.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: 226dVJ2zRZ.exeReversingLabs: Detection: 86%
            Source: 226dVJ2zRZ.exeVirustotal: Detection: 80%
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile read: C:\Users\user\Desktop\226dVJ2zRZ.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\226dVJ2zRZ.exe C:\Users\user\Desktop\226dVJ2zRZ.exe
            Source: unknownProcess created: C:\Users\user\Desktop\226dVJ2zRZ.exe "C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
            Source: unknownProcess created: C:\Users\user\Desktop\226dVJ2zRZ.exe "C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
            Source: unknownProcess created: C:\Users\user\Desktop\226dVJ2zRZ.exe "C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe"
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
            Source: 226dVJ2zRZ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 226dVJ2zRZ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: 226dVJ2zRZ.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Java update.exe.0.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to dropped file

            Boot Survival

            barindex
            Drops PE files to the startup folder
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to dropped file
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe\:Zone.Identifier:$DATAJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWindow / User API: threadDelayed 1050Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWindow / User API: threadDelayed 3844Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWindow / User API: threadDelayed 4275Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWindow / User API: foregroundWindowGot 695Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWindow / User API: foregroundWindowGot 682Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 6960Thread sleep time: -105000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 6912Thread sleep time: -3844000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 6912Thread sleep time: -4275000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 4476Thread sleep count: 43 > 30Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 6016Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 3512Thread sleep count: 39 > 30Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 6120Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 3604Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 4916Thread sleep count: 41 > 30Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 6840Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exe TID: 5548Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe TID: 1608Thread sleep count: 59 > 30Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe TID: 4456Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe TID: 6868Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4096714466.0000000000C20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeMemory allocated: page read and write | page guardJump to behavior
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:51:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:39:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:34:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:29:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 19:17:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:48:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:48:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:42:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:36:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:46:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:56:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:47:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:01:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:46:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:15:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:41:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 07:25:02 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:55:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:43:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:46:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:33:36 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:53:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 04:56:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:18:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:07:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:00:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:13:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 11:57:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:18:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:32:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:49:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:42:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:41:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:39:24 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:24:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/08 | 00:06:43 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:16:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:30:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:18:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:24:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/10 | 03:24:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:52:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 11:52:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:17:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:34:52 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:01:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/05 | 19:49:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:50:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/05 | 19:47:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 01:09:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 11:50:43 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 21:06:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:15:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:39:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:21:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:06:07 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 21:05:56 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:36:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:45:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 01:06:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:19:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:20:56 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:14:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:13:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 07:23:53 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:57:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:06:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:19:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:50:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:55:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:00:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:21:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:24:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:34:47 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:20:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:26:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:06:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 11:05:00 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:03:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 05:02:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:26:45 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:03:08 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:29:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:35:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:54:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:45:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:25:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:15:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:09:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:52:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:29:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:29:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:42:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:20:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:16:52 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:05:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:08:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:58:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:50:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:42:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:50:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:52:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:08:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:12:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:42:34 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:49:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:06:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:26:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:17:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 05:06:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:26:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:31:24 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:48:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:40:36 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:22:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:34:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:04:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 09:58:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:12:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:46:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:17:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:43:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:44:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000003.00000002.1913161929.000000000328E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:12:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:55:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:53:02 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:03:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:50:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:57:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:47:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:56:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:28:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:05:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:48:45 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:33:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:53:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:08:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:42:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:11:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 06:41:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:58:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 15:43:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 06:47:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:43:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 20:21:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:39:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:49:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:03:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:07:02 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:06:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:51:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:11:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:33:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:18:10 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 05:03:00 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:15:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:23:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:55:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:46:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:21:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:36:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:28:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:14:57 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:12:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:28:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:19:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:18:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:33:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:50:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:56:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 12:58:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:54:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:50:57 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:58:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:16:49 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:24:24 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:42:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:15:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/05 | 19:47:02 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:23:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:51:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:18:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:33:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 02:21:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:49:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 11:53:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:06:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:23:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:55:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:11:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:39:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:46:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 17:12:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:11:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:17:45 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:42:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:05:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 19:17:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:27:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 05:06:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:43:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:25:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:13:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:11:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:30:24 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:13:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:27:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:51:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:19:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:44:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/21 | 17:55:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:37:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 01:11:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 05:00:34 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:13:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:24:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:32:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:50:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:40:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:17:57 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:12:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:55:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:31:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:21:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:06:34 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:07:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:05:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:53:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/10 | 03:24:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 01:03:56 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 17:24:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:12:34 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:03:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:32:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:35:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:18:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:01:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:44:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:51:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:51:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:29:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:53:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:09:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:54:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:09:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:57:43 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:36:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:29:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:19:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:24:00 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:28:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 06:54:10 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:54:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:17:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:23:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/08 | 00:05:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/08 | 00:01:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:40:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:13:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:53:43 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:44:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 14:41:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:21:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:24:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:25:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:37:53 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:07:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:25:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:57:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:18:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:52:45 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:23:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:49:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:42:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:09:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:24:10 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 14:06:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:46:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:13:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:46:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:54:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:50:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 12:33:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 16:30:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/05 | 19:51:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:26:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:35:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:32:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:45:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:11:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:56:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:48:00 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:22:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:04:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:42:07 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:04:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:39:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:30:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 09:57:34 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:45:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:58:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 21:00:02 - Program Manager
            Source: Java update.exe, 00000008.00000002.2188399266.00000000029CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:12:45 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/21 | 17:57:10 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:03:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:08:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:49:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:47:10 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:46:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:32:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:22:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 01:05:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:56:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:43:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:37:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:21:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:19:55 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/10 | 03:22:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:58:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:07:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:25:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:52:53 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:00:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 15:53:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:27:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 06:43:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/05 | 19:46:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:02:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:29:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:06:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:23:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:22:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:01:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:38:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:10:46 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:06:08 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 01:12:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:38:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 23:37:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:08:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:22:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:38:53 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:42:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:04:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:39:26 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:35:08 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:13:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/21 | 17:54:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/21 | 17:57:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmp, Java update.exe, 00000008.00000002.2188399266.00000000029CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 15:12:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:53:57 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:35:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:13:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 15:59:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 03:03:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:36:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:01:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:47:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:51:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:05:57 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:22:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:31:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:38:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:34:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:42:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:32:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:32:54 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:46:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:05:52 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:22:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:11:55 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:49:55 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:48:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:06:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:25:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:39:03 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:16:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:53:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 19:47:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:55:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:08:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:06:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 16:00:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:28:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:02:09 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 01:04:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:48:20 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:05:00 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:32:56 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/10 | 03:21:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:10:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:29:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:31:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:55:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:54:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:27:17 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:03:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:45:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:09:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:06:25 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 21:05:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:46:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/17 | 10:04:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:52:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:59:08 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:57:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:33:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:06:57 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:06:30 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:37:07 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:25:08 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:21:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:59:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:49:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:29:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:20:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:36:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:53:23 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 15:48:27 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 21:01:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 21:00:15 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:53:53 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:23:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:58:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:06:55 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:22:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:42:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:33:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:47:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/23 | 21:17:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:40:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:49:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:55:02 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 21:01:32 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:27:43 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:57:36 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:07:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:33:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:02:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:30:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:31:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:47:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/05 | 19:53:13 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 06:22:11 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:55:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:24:18 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 13:05:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 21:06:49 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:04:21 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 13:06:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 14:43:04 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:21:33 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 14:23:56 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:03:55 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/13 | 00:34:29 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:25:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:26:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:51:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 11:46:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/08 | 00:02:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:21:38 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:32:06 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 15:53:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:34:55 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:44:28 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/19 | 13:36:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/28 | 05:01:50 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:37:42 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:49:22 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:48:49 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:57:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 22:48:19 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:21:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 11:36:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:50:40 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/03 | 00:35:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:19:24 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 00:51:48 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:08:59 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 01:05:16 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 23:58:47 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 20:38:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:29:31 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 06:40:44 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/23 | 04:34:51 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 04:50:58 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 16:21:35 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/14 | 12:29:01 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:33:05 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/07 | 23:11:37 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/21 | 00:42:41 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/03 | 15:52:12 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/12 | 07:28:00 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:00:52 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/01 | 12:12:39 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/26 | 01:15:14 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 02:58:56 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 20:58:36 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/15 | 05:30:45 - Program Manager
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4097715923.0000000002F67000.00000004.00000800.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4099331352.0000000003B59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/01/10 | 19:54:01 - Program Manager
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Users\user\Desktop\226dVJ2zRZ.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Users\user\Desktop\226dVJ2zRZ.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Users\user\Desktop\226dVJ2zRZ.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Users\user\Desktop\226dVJ2zRZ.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Disables zone checking for all users
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeRegistry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKSJump to behavior
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4102511522.0000000006100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %\Windows Defender\MsMpeng.exe
            Source: 226dVJ2zRZ.exe, 00000000.00000002.4096714466.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4102511522.0000000006114000.00000004.00000020.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4102511522.000000000615F000.00000004.00000020.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4096714466.0000000000B5E000.00000004.00000020.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4096714466.0000000000BF4000.00000004.00000020.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4102511522.000000000613B000.00000004.00000020.00020000.00000000.sdmp, 226dVJ2zRZ.exe, 00000000.00000002.4096714466.0000000000C20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
            Source: C:\Users\user\Desktop\226dVJ2zRZ.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

            Stealing of Sensitive Information

            barindex
            Yara detected Njrat
            Source: Yara matchFile source: 226dVJ2zRZ.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 226dVJ2zRZ.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED

            Remote Access Functionality

            barindex
            Yara detected Njrat
            Source: Yara matchFile source: 226dVJ2zRZ.exe, type: SAMPLE
            Source: Yara matchFile source: 0.0.226dVJ2zRZ.exe.740000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 226dVJ2zRZ.exe PID: 6888, type: MEMORYSTR
            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
            Valid Accounts1
            Windows Management Instrumentation            		121
            Registry Run Keys / Startup Folder            		2
            Process Injection            		1
            Masquerading            		OS Credential Dumping121
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium1
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
            Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts121
            Registry Run Keys / Startup Folder            		11
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
            Non-Standard Port            		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
            Domain AccountsAtLogon Script (Windows)Logon Script (Windows)21
            Virtualization/Sandbox Evasion            		Security Account Manager21
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
            Non-Application Layer Protocol            		Data Encrypted for ImpactDNS ServerEmail Addresses
            Local AccountsCronLogin HookLogin Hook2
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureTraffic Duplication1
            Application Layer Protocol            		Data DestructionVirtual Private ServerEmployee Names
            Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Software Packing            		LSA Secrets12
            System Information Discovery            		SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            226dVJ2zRZ.exe86%ReversingLabsByteCode-MSIL.Backdoor.Bladabhindi
            226dVJ2zRZ.exe81%VirustotalBrowse
            226dVJ2zRZ.exe100%AviraTR/Dropper.Gen7
            226dVJ2zRZ.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe100%AviraTR/Dropper.Gen7
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe86%ReversingLabsByteCode-MSIL.Backdoor.Bladabhindi
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe81%VirustotalBrowse

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            6.tcp.eu.ngrok.io9%VirustotalBrowse

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            6.tcp.eu.ngrok.io
            		3.69.157.220
            		truetrueunknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            3.66.38.117
            		unknownUnited States
            		16509AMAZON-02UStrue
            18.197.239.109
            		unknownUnited States
            		16509AMAZON-02UStrue
            3.68.171.119
            		unknownUnited States
            		16509AMAZON-02UStrue
            3.69.157.220
            		6.tcp.eu.ngrok.ioUnited States
            		16509AMAZON-02UStrue

            General Information

            Joe Sandbox version:38.0.0 Ammolite
            Analysis ID:1372428
            Start date and time:2024-01-10 15:11:06 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 50s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:10
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:226dVJ2zRZ.exe
            renamed because original name is a hash value
            Original Sample Name:af4b01a3849d9cc08f3b92f0246f0877.exe
            Detection:MAL
            Classification:mal100.phis.troj.adwa.evad.winEXE@5/4@4/4
            EGA Information:
            • Successful, ratio: 20%
            HCA Information:
            • Successful, ratio: 93%
            • Number of executed functions: 120
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240s for sample files taking high CPU consumption

            Warnings

            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target 226dVJ2zRZ.exe, PID 4564 because it is empty
            • Execution Graph export aborted for target 226dVJ2zRZ.exe, PID 5228 because it is empty
            • Execution Graph export aborted for target 226dVJ2zRZ.exe, PID 5928 because it is empty
            • Execution Graph export aborted for target Java update.exe, PID 5496 because it is empty
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            14:12:06AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Update "C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
            14:12:16AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows Update "C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
            14:12:24AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Update "C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
            14:12:33AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
            15:12:04API Interceptor444156x Sleep call for process: 226dVJ2zRZ.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            3.66.38.117IsJb5hB84q.exeGet hashmaliciousNjratBrowse
              Terraria.exeGet hashmaliciousNjratBrowse
                rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                  m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                    QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                      dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                        bRxR.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                          X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                            ZuXcnAYgVp.exeGet hashmaliciousNjratBrowse
                              8AKGdJOQ8N.exeGet hashmaliciousNjratBrowse
                                uPMGLG7QnV.exeGet hashmaliciousNjratBrowse
                                  X3vWrCoPG6.exeGet hashmaliciousNjratBrowse
                                    7U23YeVgmF.exeGet hashmaliciousNjratBrowse
                                      KD9rMPUEBM.exeGet hashmaliciousNjratBrowse
                                        8fZNpRy9pN.exeGet hashmaliciousNjratBrowse
                                          2CVeP16GYU.exeGet hashmaliciousNjratBrowse
                                            QuX5A6qz9G.exeGet hashmaliciousNjratBrowse
                                              OperaSetup.exeGet hashmaliciousQuasarBrowse
                                                g8XyWsa2b6.exeGet hashmaliciousNjratBrowse
                                                  887F546123CD59024356557175BD77FE1144BA5C56D93.exeGet hashmaliciousNjratBrowse
                                                    18.197.239.109IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                                                      rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                                                        30b4CoDmKk.exeGet hashmaliciousNjratBrowse
                                                          N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                                                            dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                                                              bRxR.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                ZuXcnAYgVp.exeGet hashmaliciousNjratBrowse
                                                                  d09l64ZAW6.exeGet hashmaliciousNjratBrowse
                                                                    8AKGdJOQ8N.exeGet hashmaliciousNjratBrowse
                                                                      uPMGLG7QnV.exeGet hashmaliciousNjratBrowse
                                                                        X3vWrCoPG6.exeGet hashmaliciousNjratBrowse
                                                                          KD9rMPUEBM.exeGet hashmaliciousNjratBrowse
                                                                            8fZNpRy9pN.exeGet hashmaliciousNjratBrowse
                                                                              2CVeP16GYU.exeGet hashmaliciousNjratBrowse
                                                                                64EithtAyN.exeGet hashmaliciousNjratBrowse
                                                                                  QuX5A6qz9G.exeGet hashmaliciousNjratBrowse
                                                                                    TdxWv8SpDq.exeGet hashmaliciousNjratBrowse
                                                                                      OperaSetup.exeGet hashmaliciousQuasarBrowse
                                                                                        OperaSetup.exeGet hashmaliciousQuasarBrowse
                                                                                          887F546123CD59024356557175BD77FE1144BA5C56D93.exeGet hashmaliciousNjratBrowse

                                                                                            Domains

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            6.tcp.eu.ngrok.ioIsJb5hB84q.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.66.38.117
                                                                                            Terraria.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.66.38.117
                                                                                            myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.115.178
                                                                                            rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.115.178
                                                                                            30b4CoDmKk.exeGet hashmaliciousNjratBrowse
                                                                                            • 18.197.239.109
                                                                                            N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.68.171.119
                                                                                            m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.66.38.117
                                                                                            QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.157.220
                                                                                            xZLQ8X9Cxo.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.157.220
                                                                                            sCXwkZrcZ3.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.68.171.119
                                                                                            dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.157.220
                                                                                            bRxR.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                            • 18.197.239.109
                                                                                            X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.157.220
                                                                                            ZuXcnAYgVp.exeGet hashmaliciousNjratBrowse
                                                                                            • 52.28.247.255
                                                                                            wiUnP1h5Ex.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.69.115.178
                                                                                            BqFosj9Wcb.exeGet hashmaliciousNjratBrowse
                                                                                            • 52.28.247.255
                                                                                            d09l64ZAW6.exeGet hashmaliciousNjratBrowse
                                                                                            • 52.28.247.255
                                                                                            8AKGdJOQ8N.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.68.171.119
                                                                                            uPMGLG7QnV.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.66.38.117
                                                                                            X3vWrCoPG6.exeGet hashmaliciousNjratBrowse
                                                                                            • 3.68.171.119

                                                                                            ASNs

                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            AMAZON-02UShttps://nifty-bronze-750.notion.site/EDC-Homes-4a021bfb10bd474cb450f22fb0fd8f2e?pvs=4Get hashmaliciousUnknownBrowse
                                                                                            • 99.84.191.43
                                                                                            https://www.valleylowvoltage.com/Get hashmaliciousUnknownBrowse
                                                                                            • 99.84.178.161
                                                                                            file.exeGet hashmaliciousPython StealerBrowse
                                                                                            • 54.241.95.51
                                                                                            balderGet hashmaliciousUnknownBrowse
                                                                                            • 34.249.145.219
                                                                                            https://bit.ly/3RPzJ7AGet hashmaliciousPorn ScamBrowse
                                                                                            • 3.162.103.56
                                                                                            https://click.e.berlitz.com/?qs=383d62fb0b169d710affe936c6b84e3f27c28ce0c141f027fe93d1d83576e1ed447c1afdd57147231008fc94712a812b2d436714d50c1a711d6055253ab8faffGet hashmaliciousUnknownBrowse
                                                                                            • 18.154.230.30
                                                                                            https://nhsdpadmin.brizy.siteGet hashmaliciousUnknownBrowse
                                                                                            • 13.248.211.84
                                                                                            https://click.e.berlitz.com/?qs=0e6b3a6ce0a34eb7973094c721dae2442940118341f6513204a5ddb76446816b05daee995a6f52579e9836b91afc4782fe5b268da8179778309b226517d36e97Get hashmaliciousUnknownBrowse
                                                                                            • 99.84.191.85
                                                                                            https://securemail.aexp.com/policyserver/Get hashmaliciousHTMLPhisherBrowse
                                                                                            • 13.249.46.65
                                                                                            http://finecaptcha.azurewebsites.netGet hashmaliciousUnknownBrowse
                                                                                            • 13.249.39.8
                                                                                            SecuriteInfo.com.BScope.Trojan.Snojan.2977.5011.exeGet hashmaliciousUnknownBrowse
                                                                                            • 3.64.163.50
                                                                                            SecuriteInfo.com.BScope.Trojan.Snojan.2977.5011.exeGet hashmaliciousUnknownBrowse
                                                                                            • 3.64.163.50
                                                                                            Transcription Message.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 99.84.108.59
                                                                                            https://get.searchcurrentsite.com/ustats?p=uAOnqEfYkXSfCmjp%2FhZQMUhENQ9yFQXXt1XNbg6JhAMgmCjiFfWz07okQLqFjmUeYsKh91tOp5HWfv3hoE93H4yJaW5xgw%2BQgCo%2Btx%2BCinL6l%2B8fEsVCiVtE07%2BAzRbLH0Q5M7MMQcMkXr4ZUp8gLdouMpwxJ%2FULjKHLJr3Ep6MNTmL9ZVrSK3A4TVctQ1wyop10JNZheK9vVoxvtx0%2FWg%3D%3D&rhi=1ecf1a08-7ff9-4f8b-89ca-97405acfc53cGet hashmaliciousUnknownBrowse
                                                                                            • 99.84.191.43
                                                                                            https://yahu.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                            • 52.95.122.74
                                                                                            k7t8NWviLo.elfGet hashmaliciousMiraiBrowse
                                                                                            • 54.78.51.24
                                                                                            https://bdjs.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                            • 52.85.151.129
                                                                                            x86.elfGet hashmaliciousMiraiBrowse
                                                                                            • 52.28.120.136
                                                                                            arm.elfGet hashmaliciousMiraiBrowse
                                                                                            • 34.241.229.60
                                                                                            https://help-grow-8636-18.s3.us-east-2.amazonaws.com/Win0!0help!0secure057/index.htmlGet hashmaliciousUnknownBrowse
                                                                                            • 3.5.128.128
                                                                                            AMAZON-02UShttps://nifty-bronze-750.notion.site/EDC-Homes-4a021bfb10bd474cb450f22fb0fd8f2e?pvs=4Get hashmaliciousUnknownBrowse
                                                                                            • 99.84.191.43
                                                                                            https://www.valleylowvoltage.com/Get hashmaliciousUnknownBrowse
                                                                                            • 99.84.178.161
                                                                                            file.exeGet hashmaliciousPython StealerBrowse
                                                                                            • 54.241.95.51
                                                                                            balderGet hashmaliciousUnknownBrowse
                                                                                            • 34.249.145.219
                                                                                            https://bit.ly/3RPzJ7AGet hashmaliciousPorn ScamBrowse
                                                                                            • 3.162.103.56
                                                                                            https://click.e.berlitz.com/?qs=383d62fb0b169d710affe936c6b84e3f27c28ce0c141f027fe93d1d83576e1ed447c1afdd57147231008fc94712a812b2d436714d50c1a711d6055253ab8faffGet hashmaliciousUnknownBrowse
                                                                                            • 18.154.230.30
                                                                                            https://nhsdpadmin.brizy.siteGet hashmaliciousUnknownBrowse
                                                                                            • 13.248.211.84
                                                                                            https://click.e.berlitz.com/?qs=0e6b3a6ce0a34eb7973094c721dae2442940118341f6513204a5ddb76446816b05daee995a6f52579e9836b91afc4782fe5b268da8179778309b226517d36e97Get hashmaliciousUnknownBrowse
                                                                                            • 99.84.191.85
                                                                                            https://securemail.aexp.com/policyserver/Get hashmaliciousHTMLPhisherBrowse
                                                                                            • 13.249.46.65
                                                                                            http://finecaptcha.azurewebsites.netGet hashmaliciousUnknownBrowse
                                                                                            • 13.249.39.8
                                                                                            SecuriteInfo.com.BScope.Trojan.Snojan.2977.5011.exeGet hashmaliciousUnknownBrowse
                                                                                            • 3.64.163.50
                                                                                            SecuriteInfo.com.BScope.Trojan.Snojan.2977.5011.exeGet hashmaliciousUnknownBrowse
                                                                                            • 3.64.163.50
                                                                                            Transcription Message.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                            • 99.84.108.59
                                                                                            https://get.searchcurrentsite.com/ustats?p=uAOnqEfYkXSfCmjp%2FhZQMUhENQ9yFQXXt1XNbg6JhAMgmCjiFfWz07okQLqFjmUeYsKh91tOp5HWfv3hoE93H4yJaW5xgw%2BQgCo%2Btx%2BCinL6l%2B8fEsVCiVtE07%2BAzRbLH0Q5M7MMQcMkXr4ZUp8gLdouMpwxJ%2FULjKHLJr3Ep6MNTmL9ZVrSK3A4TVctQ1wyop10JNZheK9vVoxvtx0%2FWg%3D%3D&rhi=1ecf1a08-7ff9-4f8b-89ca-97405acfc53cGet hashmaliciousUnknownBrowse
                                                                                            • 99.84.191.43
                                                                                            https://yahu.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                            • 52.95.122.74
                                                                                            k7t8NWviLo.elfGet hashmaliciousMiraiBrowse
                                                                                            • 54.78.51.24
                                                                                            https://bdjs.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                            • 52.85.151.129
                                                                                            x86.elfGet hashmaliciousMiraiBrowse
                                                                                            • 52.28.120.136
                                                                                            arm.elfGet hashmaliciousMiraiBrowse
                                                                                            • 34.241.229.60
                                                                                            https://help-grow-8636-18.s3.us-east-2.amazonaws.com/Win0!0help!0secure057/index.htmlGet hashmaliciousUnknownBrowse
                                                                                            • 3.5.128.128

                                                                                            JA3 Fingerprints

                                                                                            No context

                                                                                            Dropped Files

                                                                                            No context

                                                                                            Created / dropped Files

                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\226dVJ2zRZ.exe.log

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):507
                                                                                            Entropy (8bit):5.344008188221104
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLU84jE4K5E4KH1qE4j
                                                                                            MD5:285ADD706E818D58486213C030BD9ED5
                                                                                            SHA1:3593842190DB067FC23F4E3E7A8FC69263800A47
                                                                                            SHA-256:20B63D70AA9351A7ECC1E8B4A8099BC7D6A4500BA11DE6BCFB028D09475A6D7E
                                                                                            SHA-512:935832497DF8AD8A4676947C0BCEC89C312753E604B3C2AAAAA42CDF2DFEDD5151385B44589C8E304ABA26D9578DFF1FE841EDE6EB5E784208984584FB8B2201
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Java update.exe.log

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):507
                                                                                            Entropy (8bit):5.344008188221104
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLU84jE4K5E4KH1qE4j
                                                                                            MD5:285ADD706E818D58486213C030BD9ED5
                                                                                            SHA1:3593842190DB067FC23F4E3E7A8FC69263800A47
                                                                                            SHA-256:20B63D70AA9351A7ECC1E8B4A8099BC7D6A4500BA11DE6BCFB028D09475A6D7E
                                                                                            SHA-512:935832497DF8AD8A4676947C0BCEC89C312753E604B3C2AAAAA42CDF2DFEDD5151385B44589C8E304ABA26D9578DFF1FE841EDE6EB5E784208984584FB8B2201
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):44032
                                                                                            Entropy (8bit):5.605052869476255
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:hZykdFI1STss7yKSXfSGSOEdrpS2dzsIij+ZsNO3PlpJKkkjh/TzF7pWnMbgreTf:znduk4smKSvSpPrkYuXQ/oNb+L
                                                                                            MD5:AF4B01A3849D9CC08F3B92F0246F0877
                                                                                            SHA1:193232901C159E23CCECE3758E8B9EF9586BCBAC
                                                                                            SHA-256:6C523EF93416B140BBA0A146CEC6FDFD44D95DB5505B913FC5D2837DFFE8F5FB
                                                                                            SHA-512:6343A6E83605929E8E565920B24C0826EA5526E8716951E411125EEF832CC8ABA26F2D8834B2122324D1458B0E56BD27B9489FEF060AF2E269B691175BB2EFA1
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: unknown
                                                                                            • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Florian Roth
                                                                                            • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: JPCERT/CC Incident Response Group
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 86%
                                                                                            • Antivirus: Virustotal, Detection: 81%, Browse
                                                                                            Reputation:low
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e................................. ........@.. ....................... ............@.................................4...W.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................p.......H.......@y...I......T....x................................................(....*..(....*.s.........s.........s.........s.........s.........*.0..........~....o....*..0..........~....o....*..0..........~....o....*..0..........~....o....*..0..........~....o....*..0................,.........o....9....~....,,~.........(....o...., r...p......(....s....zs.........~.........(.....o....(...+..lu....%-.&.+.%.(.....o...............&r;..p..........o....o......(.......o....s....z~........

                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe:Zone.Identifier

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):26
                                                                                            Entropy (8bit):3.95006375643621
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Entropy (8bit):5.605052869476255
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            File name:226dVJ2zRZ.exe
                                                                                            File size:44'032 bytes
                                                                                            MD5:af4b01a3849d9cc08f3b92f0246f0877
                                                                                            SHA1:193232901c159e23ccece3758e8b9ef9586bcbac
                                                                                            SHA256:6c523ef93416b140bba0a146cec6fdfd44d95db5505b913fc5d2837dffe8f5fb
                                                                                            SHA512:6343a6e83605929e8e565920b24c0826ea5526e8716951e411125eef832cc8aba26f2d8834b2122324d1458b0e56bd27b9489fef060af2e269b691175bb2efa1
                                                                                            SSDEEP:384:hZykdFI1STss7yKSXfSGSOEdrpS2dzsIij+ZsNO3PlpJKkkjh/TzF7pWnMbgreTf:znduk4smKSvSpPrkYuXQ/oNb+L
                                                                                            TLSH:F113D74CB694E174D5FF8BF1B4A2B2990B71A017A902D30F99F114D94BB3AC0A611EE7
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e................................. ........@.. ....................... ............@................................

                                                                                            File Icon

                                                                                            Icon Hash:90cececece8e8eb0

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x40c38e
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x659AA29A [Sun Jan 7 13:09:46 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            jmp dword ptr [00402000h]
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xc3340x57.text
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x400.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x20000xa3940xa400False0.4203982469512195data5.698117673503021IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rsrc0xe0000x4000x400False0.3017578125data3.5160679793070893IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .reloc0x100000xc0x200False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                            RT_MANIFEST0xe0580x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                                                                            Imports

                                                                                            DLLImport
                                                                                            mscoree.dll_CorExeMain

                                                                                            Network Behavior

                                                                                            Snort IDS Alerts

                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                            192.168.2.43.66.38.11749738144022825564 01/10/24-15:15:10.440491TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973814402192.168.2.43.66.38.117
                                                                                            192.168.2.43.69.157.22049729144022825563 01/10/24-15:12:05.997539TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972914402192.168.2.43.69.157.220
                                                                                            192.168.2.43.69.157.22049729144022825564 01/10/24-15:12:59.702779TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972914402192.168.2.43.69.157.220
                                                                                            192.168.2.43.66.38.11749738144022033132 01/10/24-15:14:13.439792TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973814402192.168.2.43.66.38.117
                                                                                            192.168.2.418.197.239.10949739144022033132 01/10/24-15:15:17.445649TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973914402192.168.2.418.197.239.109
                                                                                            192.168.2.43.68.171.11949737144022825563 01/10/24-15:13:09.896188TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4973714402192.168.2.43.68.171.119
                                                                                            192.168.2.418.197.239.10949739144022825564 01/10/24-15:16:00.002281TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973914402192.168.2.418.197.239.109
                                                                                            192.168.2.43.68.171.11949737144022825564 01/10/24-15:14:03.879122TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973714402192.168.2.43.68.171.119
                                                                                            192.168.2.43.69.157.22049729144022033132 01/10/24-15:12:05.817254TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972914402192.168.2.43.69.157.220
                                                                                            192.168.2.43.68.171.11949737144022033132 01/10/24-15:13:09.716753TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973714402192.168.2.43.68.171.119

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Jan 10, 2024 15:12:05.368892908 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:05.551052094 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:05.551774979 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:05.817254066 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:05.997426987 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:05.997539043 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:06.177172899 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:11.678330898 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:11.857599974 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:26.916066885 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:26.916153908 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:42.097186089 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:42.097316980 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:56.546343088 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:56.725792885 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:12:59.702779055 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:12:59.882589102 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:13:07.105091095 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:13:07.105232954 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:13:09.296547890 CET4972914402192.168.2.43.69.157.220
                                                                                            Jan 10, 2024 15:13:09.470763922 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:09.475625992 CET14402497293.69.157.220192.168.2.4
                                                                                            Jan 10, 2024 15:13:09.650043964 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:09.650130033 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:09.716753006 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:09.896044016 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:09.896188021 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:10.075743914 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:10.577707052 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:10.757632017 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:10.921587944 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:11.100969076 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:12.374283075 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:12.553858042 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:12.553961992 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:12.733485937 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:13.206849098 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:13.386228085 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:13.386354923 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:13.565679073 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:13.565761089 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:13.745187998 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:13.745276928 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:13.924583912 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:13.924691916 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:14.104034901 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:14.104242086 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:14.284006119 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:14.284236908 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:14.463666916 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:14.463866949 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:14.643342018 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:14.643661976 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:14.823678017 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:14.823777914 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:15.003293037 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:15.003387928 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:15.182919979 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:15.183096886 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:15.362775087 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:15.362890005 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:15.542195082 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:15.542287111 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:15.722215891 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:15.722337961 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:15.904297113 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:15.904432058 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:16.083882093 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:16.083965063 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:16.264369965 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:16.264734983 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:16.444824934 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:16.445020914 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:16.624434948 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:16.624506950 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:16.806233883 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:16.806371927 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:16.987482071 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:16.987670898 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:17.167397976 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:17.167552948 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:17.347410917 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:17.347507954 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:17.526890039 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:17.527017117 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:17.706290960 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:17.706370115 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:17.886030912 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:17.886142969 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:18.065663099 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:18.065758944 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:18.245245934 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:18.245379925 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:18.425457954 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:18.425621986 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:18.606714010 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:18.606801987 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:18.786514997 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:18.786742926 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:18.966252089 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:18.966522932 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:19.146063089 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:19.146337986 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:19.325823069 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:19.325934887 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:19.506321907 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:19.506478071 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:19.691348076 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:19.691574097 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:19.871676922 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:19.871792078 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:20.054275036 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:20.054379940 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:20.238399982 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:20.238500118 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:20.418262959 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:20.418401957 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:20.597764015 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:20.598007917 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:20.778137922 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:20.778279066 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:20.957602024 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:20.957684040 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:21.137165070 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:21.137233019 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:21.316612959 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:21.316679955 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:21.497653008 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:21.497710943 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:21.677009106 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:21.678913116 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:21.858633995 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:21.858931065 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:22.039320946 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:22.042862892 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:22.222425938 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:22.222762108 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:22.402622938 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:22.402709961 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:22.582154989 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:22.582242966 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:22.762656927 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:23.889132023 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:24.068919897 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:25.269131899 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:25.448596954 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:25.448715925 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:25.630126953 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:25.630274057 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:25.814744949 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:25.814816952 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:25.994288921 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:25.994513988 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:26.176750898 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:26.176877022 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:26.357161999 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:26.357239962 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:26.536554098 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:26.536746979 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:26.717355967 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:26.717593908 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:26.898439884 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:26.898673058 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:27.077826977 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:27.078052044 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:27.260135889 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:27.260261059 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:27.442596912 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:27.442712069 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:27.621994972 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:27.622098923 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:27.801474094 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:27.801629066 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:27.982085943 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:27.982212067 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:28.163625956 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:28.163719893 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:28.344436884 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:28.344561100 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:28.524946928 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:28.525110960 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:28.706065893 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:28.706144094 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:28.887748957 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:28.887897968 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:29.071460962 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:29.071640968 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:29.252604008 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:29.252837896 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:29.438647032 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:29.438782930 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:29.618041039 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:29.618165970 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:29.803957939 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:29.804200888 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:29.983557940 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:29.983675957 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:30.162920952 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:30.163160086 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:30.342514038 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:30.342628002 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:30.522010088 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:30.522104979 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:30.710134983 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:30.710303068 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:30.889512062 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:30.889657021 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:31.069133997 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:31.069356918 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:31.248819113 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:31.249001026 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:31.428564072 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:31.428658962 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:31.608226061 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:31.608297110 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:31.800246954 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:31.800379038 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:31.979619026 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:31.979724884 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:32.163480043 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:32.163559914 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:32.345422029 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:32.345531940 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:32.524863958 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:32.524991035 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:32.706995964 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:32.707063913 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:32.886456966 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:32.886612892 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:33.065984011 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:33.066107988 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:33.245526075 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:33.245709896 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:33.426712990 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:33.426911116 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:33.607120991 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:33.607357979 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:33.786998034 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:33.787194967 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:33.967134953 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:33.967278004 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:34.149947882 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:34.150172949 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:34.329674006 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:34.329761982 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:34.509272099 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:34.509505033 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:34.701360941 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:34.701603889 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:34.880994081 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:34.881077051 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:35.060628891 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:35.060720921 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:35.245330095 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:35.245433092 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:35.424773932 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:35.424885988 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:35.604619980 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:35.604844093 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:35.785156012 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:35.785243988 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:35.964541912 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:35.964778900 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:36.146306992 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:36.146490097 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:36.326549053 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:36.326647997 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:36.506268978 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:36.506500959 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:36.686789036 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:36.686978102 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:36.869817019 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:36.870001078 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:37.049483061 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:37.049582005 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:37.229043007 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:37.229110003 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:37.410362005 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:37.410454035 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:37.589946985 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:37.590037107 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:37.769634962 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:37.769747019 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:37.949311018 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:37.949435949 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:38.130120993 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:38.130206108 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:38.309997082 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:38.310101986 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:38.489572048 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:38.489686966 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:38.669282913 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:38.669369936 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:38.848614931 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:38.848745108 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:39.029097080 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:39.029225111 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:39.209533930 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:39.209733009 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:39.396965027 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:39.397072077 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:39.577410936 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:39.577517033 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:39.757801056 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:39.757931948 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:39.938106060 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:39.938185930 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:40.121503115 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:40.121629000 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:40.304383993 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:40.304465055 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:40.486604929 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:42.987366915 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:43.167879105 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:43.167968035 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:43.348408937 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:43.348509073 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:43.537746906 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:43.537913084 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:43.718410969 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:43.718487024 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:43.898868084 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:43.898962021 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:44.079236031 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:44.079380989 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:44.259550095 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:44.259641886 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:44.440566063 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:44.440675974 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:44.621155977 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:44.621253014 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:44.801549911 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:44.801637888 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:44.981908083 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:44.982001066 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:45.164566994 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:45.164696932 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:45.345488071 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:45.345583916 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:45.526513100 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:45.526634932 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:45.708165884 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:45.708291054 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:45.888530016 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:45.888710976 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:46.068898916 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:46.069022894 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:46.249674082 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:46.249777079 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:46.433933973 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:46.434072971 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:46.614284039 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:46.614367962 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:46.794740915 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:46.794943094 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:46.975625038 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:46.975722075 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:47.156516075 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:47.156625032 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:47.337030888 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:47.337166071 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:47.518074989 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:47.518224001 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:47.699371099 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:47.699503899 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:47.879937887 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:47.880073071 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:48.064600945 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:48.064806938 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:48.245331049 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:48.245474100 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:48.427570105 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:48.427650928 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:48.608341932 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:48.608656883 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:48.789679050 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:48.789766073 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:48.970136881 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:48.970217943 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:49.150814056 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:49.150923014 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:49.346752882 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:49.346882105 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:49.527863979 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:49.527936935 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:49.708304882 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:49.708496094 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:49.888920069 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:49.889128923 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:50.069921970 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:50.070209980 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:50.250722885 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:50.250936985 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:50.431284904 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:50.431446075 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:50.611921072 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:50.612121105 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:50.792838097 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:50.792922020 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:50.973249912 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:50.973330975 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:51.153798103 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:51.153903008 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:51.336808920 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:51.336874962 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:51.517616034 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:51.517738104 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:51.698242903 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:51.698419094 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:51.880265951 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:51.880327940 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:52.061240911 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:52.061330080 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:52.241583109 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:52.241674900 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:52.421858072 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:52.421921968 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:52.602077961 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:52.602166891 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:52.783701897 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:52.783814907 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:52.964196920 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:52.964334011 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:53.144850969 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:53.145050049 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:53.325377941 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:53.325473070 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:53.505976915 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:53.506134987 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:53.686431885 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:53.686610937 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:53.867777109 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:53.867885113 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:54.048861027 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:54.048994064 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:54.229269981 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:54.229346991 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:54.410955906 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:54.411128044 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:54.591742039 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:54.591916084 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:54.772238970 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:54.772314072 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:54.954672098 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:54.954845905 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:55.135193110 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:55.135287046 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:55.321448088 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:55.321528912 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:55.503530025 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:55.503832102 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:55.684175968 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:55.684458017 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:55.865372896 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:55.865609884 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:56.046008110 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:56.046128035 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:56.229414940 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:56.229546070 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:56.410068989 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:56.410301924 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:56.600225925 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:56.600447893 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:56.781582117 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:56.781963110 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:56.963294983 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:56.963548899 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:57.145057917 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:57.145155907 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:57.328752041 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:57.328984976 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:57.509388924 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:57.509552956 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:57.689874887 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:57.689946890 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:57.870207071 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:57.870399952 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:58.050714016 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:58.050889015 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:58.232144117 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:13:58.232301950 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:13:58.417645931 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:00.752736092 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:00.933067083 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:00.979501963 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:01.159960985 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:01.160044909 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:01.340462923 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:01.340636969 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:01.523085117 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:01.523174047 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:01.703387976 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:01.703525066 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:01.884453058 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:01.884685040 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:02.065105915 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:02.065258026 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:02.245819092 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:02.246016979 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:02.428774118 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:02.428925037 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:02.609117985 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:02.609227896 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:02.791522980 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:02.791618109 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:02.971856117 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:02.972007990 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:03.152472019 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:03.152683973 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:03.333239079 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:03.333343983 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:03.515058041 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:03.515209913 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:03.696882963 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:03.697084904 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:03.878964901 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:03.879122019 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:04.059423923 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:04.059578896 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:04.239898920 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:04.239999056 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:04.420469999 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:04.420546055 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:04.602159023 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:04.602253914 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:04.783238888 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:04.783334970 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:04.965012074 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:04.965115070 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:05.145804882 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:05.145947933 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:05.329071999 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:05.329212904 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:05.517935038 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:05.518023014 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:05.698858023 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:05.698951006 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:05.879679918 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:05.879771948 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:06.059905052 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:06.060094118 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:06.241967916 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:06.242166042 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:06.422389984 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:06.422631025 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:06.602808952 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:06.602909088 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:06.784588099 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:06.784713984 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:06.965055943 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:06.965169907 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:07.145565987 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:07.145662069 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:07.325984001 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:07.326078892 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:07.506499052 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:07.506752014 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:07.687448978 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:07.687536955 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:07.868446112 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:07.868535995 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:08.049287081 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:08.049357891 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:08.229775906 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:08.230067968 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:08.410248995 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:08.410316944 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:08.590707064 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:08.590811014 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:08.771469116 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:08.771677971 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:08.951904058 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:08.951998949 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:09.132153988 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:09.132221937 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:09.314167976 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:09.314273119 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:09.495346069 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:09.495474100 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:09.676038027 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:09.676120043 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:09.857520103 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:09.857624054 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:10.037779093 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:10.037919998 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:10.218194962 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:10.218341112 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:10.399048090 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:10.399306059 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:10.580348015 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:10.580482006 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:10.760915995 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:10.760992050 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:10.941250086 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:10.941361904 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:11.104753017 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:11.104829073 CET4973714402192.168.2.43.68.171.119
                                                                                            Jan 10, 2024 15:14:11.121742964 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:11.300504923 CET14402497373.68.171.119192.168.2.4
                                                                                            Jan 10, 2024 15:14:13.216320992 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:13.395160913 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:13.395276070 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:13.439791918 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:13.618525028 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:13.618660927 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:13.797374010 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:13.797481060 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:13.976162910 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:13.976278067 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:14.155035973 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:14.155128002 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:14.334060907 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:14.334175110 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:14.512918949 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:14.513201952 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:14.691998005 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:14.692090988 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:14.870763063 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:14.870881081 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:15.050153971 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:15.050241947 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:15.228948116 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:15.229021072 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:15.408956051 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:15.409054995 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:15.587770939 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:15.587873936 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:15.766525030 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:15.766621113 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:15.945306063 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:15.945385933 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:16.124252081 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:18.033493042 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:18.212363005 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:18.212626934 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:18.392405987 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:18.392551899 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:18.571723938 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:18.571923971 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:18.750714064 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:18.750835896 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:18.929940939 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:18.930021048 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:19.109668970 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:19.109749079 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:19.288466930 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:19.288644075 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:19.467340946 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:19.467441082 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:19.646222115 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:19.646398067 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:19.825303078 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:19.825417995 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:20.004347086 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:20.004448891 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:20.183171034 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:20.183383942 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:20.362442017 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:20.362535000 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:20.541383028 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:20.541599989 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:20.720442057 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:20.720550060 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:20.899719954 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:20.899823904 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:21.078869104 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:21.078974009 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:21.258147001 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:21.258264065 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:21.437674046 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:21.437820911 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:21.616791010 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:21.616909027 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:21.796248913 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:21.796349049 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:21.975366116 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:21.975460052 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:22.154561996 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:22.154676914 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:22.334568024 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:22.334685087 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:22.513933897 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:22.514003992 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:22.695650101 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:22.695735931 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:22.874491930 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:22.874607086 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:23.053497076 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:23.053685904 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:23.232981920 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:23.233066082 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:23.412082911 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:23.412261963 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:23.591264963 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:23.591459990 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:23.771740913 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:23.771815062 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:23.950539112 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:23.950706005 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:24.130086899 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:24.130182981 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:24.309956074 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:24.310074091 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:24.488974094 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:24.489065886 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:24.667891979 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:24.667999029 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:24.847759008 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:24.847901106 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:25.026654959 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:25.026768923 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:25.205462933 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:25.205538988 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:25.384303093 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:25.384377956 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:25.563218117 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:25.563316107 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:25.742386103 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:25.744931936 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:25.923784018 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:25.926413059 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:26.105424881 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:26.105504990 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:26.285978079 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:26.288626909 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:26.467731953 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:26.467890024 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:26.646950006 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:26.647042036 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:26.826195002 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:26.826319933 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:27.005439043 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:27.005578995 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:27.184746027 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:27.184889078 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:27.364150047 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:27.364257097 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:27.543662071 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:27.543773890 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:27.722800970 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:27.722995043 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:27.902069092 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:27.902267933 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:28.081538916 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:28.081619024 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:28.260411978 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:28.260648966 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:28.439582109 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:28.439769030 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:28.619004011 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:28.619122982 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:28.798207045 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:28.798336983 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:28.977164984 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:28.977251053 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:29.156626940 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:29.156778097 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:29.336642027 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:29.336767912 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:29.515599012 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:29.515692949 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:29.694535971 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:29.694616079 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:29.873514891 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:29.873614073 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:30.052527905 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:30.052620888 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:30.232424021 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:30.232541084 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:30.412086964 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:30.412195921 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:30.591111898 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:30.591291904 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:30.770498991 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:30.770616055 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:30.950196981 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:30.950421095 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:31.129582882 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:31.129705906 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:31.309909105 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:31.310010910 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:31.489438057 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:31.489546061 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:31.668931961 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:31.669114113 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:31.848829031 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:31.849020958 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:32.028110981 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:32.028201103 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:32.208161116 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:32.208472967 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:32.389024973 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:32.389115095 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:32.568183899 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:32.568289995 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:32.747478962 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:32.747572899 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:32.926700115 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:32.926800013 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:33.105993032 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:33.106152058 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:33.285079956 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:33.285185099 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:33.463968039 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:33.722616911 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:33.901540995 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:33.901657104 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:34.080503941 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:35.478859901 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:35.657675028 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:35.657776117 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:35.837178946 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:35.837364912 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:36.017931938 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:36.018007040 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:36.196959019 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:36.197068930 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:36.376066923 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:36.376173973 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:36.554956913 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:36.555085897 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:36.734503984 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:36.734592915 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:36.913369894 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:36.913539886 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:37.092509031 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:37.092684984 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:37.272702932 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:37.272888899 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:37.451950073 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:37.452033043 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:37.630925894 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:37.631014109 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:37.809989929 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:37.810071945 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:37.988924026 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:37.989012957 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:38.167937994 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:38.168054104 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:38.347070932 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:38.347172022 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:38.526040077 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:38.526246071 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:38.705526114 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:38.705638885 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:38.884905100 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:38.884982109 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:39.064143896 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:39.064254999 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:39.243048906 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:39.243244886 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:39.423561096 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:39.423739910 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:39.602504015 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:39.602669954 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:39.781810999 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:39.781913996 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:39.960628033 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:39.960716009 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:40.139535904 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:40.139673948 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:40.318485022 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:40.318811893 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:40.497818947 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:40.497932911 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:40.677524090 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:40.677627087 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:40.857878923 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:40.858071089 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:41.037287951 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:41.037440062 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:41.217384100 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:41.217576981 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:41.396555901 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:41.396646976 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:41.576015949 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:41.576190948 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:41.755198956 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:41.755279064 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:41.934652090 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:41.934773922 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:42.114171982 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:42.114270926 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:42.293106079 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:42.293195963 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:42.472413063 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:42.472512960 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:42.651335955 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:42.651480913 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:42.830085993 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:42.830204010 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:43.009186983 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:43.009331942 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:43.188333988 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:43.188419104 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:43.367856026 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:43.367968082 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:43.546767950 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:43.546866894 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:43.725718021 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:43.725936890 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:43.905213118 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:43.905330896 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:44.084295034 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:44.084434032 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:44.263427019 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:44.263540983 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:44.442521095 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:44.442615986 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:44.621471882 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:44.621555090 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:44.800575972 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:44.800789118 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:44.980218887 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:44.980432034 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:45.159472942 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:45.159569979 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:45.338705063 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:45.338808060 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:45.517792940 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:45.517915010 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:45.696858883 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:45.696935892 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:45.875888109 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:45.876091957 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:46.055016041 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:46.055135012 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:46.234191895 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:46.234530926 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:46.413666010 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:46.413887024 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:46.593983889 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:46.594093084 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:46.774512053 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:46.774899960 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:46.954070091 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:46.954171896 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:47.134033918 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:47.134474039 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:47.356276989 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:47.356391907 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:47.616287947 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:47.616406918 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:47.795216084 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:47.795403004 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:47.974298000 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:47.974468946 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:48.153265953 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:48.153482914 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:48.332578897 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:48.332801104 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:48.511893034 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:48.512001991 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:48.691654921 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:48.691837072 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:48.871239901 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:48.871397972 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:49.050998926 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:49.051299095 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:49.230384111 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:49.230676889 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:49.410082102 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:49.410375118 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:49.589447021 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:49.589643002 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:49.769248962 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:49.769324064 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:49.949752092 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:49.949841022 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:50.128880978 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:50.128969908 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:50.307935953 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:50.308001995 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:50.486989021 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:50.487051964 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:50.665968895 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:50.666414976 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:50.845179081 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:52.870600939 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:53.049518108 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:53.049612045 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:53.228758097 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:53.228880882 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:53.409694910 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:53.409820080 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:53.588752985 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:53.588963032 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:53.768050909 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:53.768188953 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:53.947676897 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:53.947877884 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:54.126808882 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:54.126950979 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:54.306627989 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:54.306783915 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:54.485795975 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:54.485934019 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:54.664881945 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:54.665010929 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:54.844517946 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:54.844646931 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:55.024924994 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:55.025177002 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:55.204108953 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:55.204189062 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:55.383234024 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:55.383574963 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:55.563417912 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:55.563529015 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:55.742927074 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:55.743016005 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:55.922410965 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:55.922523975 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:56.101660013 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:56.101824999 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:56.280769110 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:56.280924082 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:56.459805012 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:56.459935904 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:56.638932943 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:56.639054060 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:56.818156004 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:56.818339109 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:56.997230053 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:56.997355938 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:57.176239967 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:57.176434040 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:57.355565071 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:57.355669022 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:57.534545898 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:57.534660101 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:57.713449955 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:57.713582993 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:57.892422915 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:57.892520905 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:58.071315050 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:58.071433067 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:58.251483917 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:58.251647949 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:58.430721045 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:58.430886984 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:58.610342979 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:58.610496998 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:58.789674044 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:58.789830923 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:58.971577883 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:58.971681118 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:59.150907040 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:59.151088953 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:59.330099106 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:59.330337048 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:59.509452105 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:59.509670019 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:59.688540936 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:59.688719034 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:14:59.867588043 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:14:59.867717981 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:00.046617985 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:00.046850920 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:00.225766897 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:00.226042032 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:00.405251980 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:00.405333996 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:00.584368944 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:00.584503889 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:00.763402939 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:00.763551950 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:00.942332983 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:00.942410946 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:01.121193886 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:01.121273994 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:01.300379038 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:01.300498009 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:01.480385065 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:01.480556965 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:01.659593105 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:01.659778118 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:01.838583946 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:01.838684082 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:02.017703056 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:02.017908096 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:02.196794033 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:02.196861982 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:02.375916004 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:02.376091957 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:02.555332899 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:02.555553913 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:02.735200882 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:02.735610962 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:02.915122032 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:02.915235043 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:03.095180035 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:03.095412016 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:03.514775038 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:03.693866014 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:03.694087029 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:03.873140097 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:03.873226881 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:04.052149057 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:04.052314043 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:04.231261015 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:04.231358051 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:04.410422087 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:04.410620928 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:04.589627028 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:04.589724064 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:04.768896103 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:04.769000053 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:04.948093891 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:04.948340893 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:05.127428055 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:05.127572060 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:05.306514978 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:05.306771994 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:05.485651016 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:05.485769987 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:05.664699078 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:05.664863110 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:05.843806028 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:05.843929052 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:06.027770996 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:06.027848005 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:06.206525087 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:06.206629038 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:06.385478973 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:06.385662079 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:06.564343929 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:06.564445019 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:06.743192911 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:06.743269920 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:06.922082901 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:06.922373056 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:07.101670027 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:07.102044106 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:07.281126976 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:07.281230927 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:07.460532904 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:07.460643053 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:07.640439034 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:07.640515089 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:07.820267916 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:07.820518970 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:07.999955893 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:08.000065088 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:08.180154085 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:10.440490961 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:10.622299910 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:10.622548103 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:10.803999901 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:10.804166079 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:10.983364105 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:10.983448029 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:11.164237022 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:11.164340973 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:11.344507933 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:11.344614029 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:11.523612976 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:11.523891926 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:11.703480959 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:11.703728914 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:11.882683039 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:11.882929087 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:12.062308073 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:12.062551975 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:12.241722107 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:12.241812944 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:12.420748949 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:12.420962095 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:12.602174997 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:12.602432013 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:12.781825066 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:12.781935930 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:12.961591005 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:12.961692095 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:13.140963078 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:13.141159058 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:13.320482969 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:13.320588112 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:13.499614000 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:13.499870062 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:13.680526972 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:13.680670977 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:13.859776974 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:13.859869957 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:14.040863037 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:14.041040897 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:14.223875999 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:14.224055052 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:14.403538942 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:14.403821945 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:14.584604025 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:14.584723949 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:14.763966084 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:14.764317036 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:14.943773031 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:14.944101095 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:15.106596947 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:15.106703043 CET4973814402192.168.2.43.66.38.117
                                                                                            Jan 10, 2024 15:15:15.124664068 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:15.285964966 CET14402497383.66.38.117192.168.2.4
                                                                                            Jan 10, 2024 15:15:17.221107006 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:17.401118994 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:17.401362896 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:17.445648909 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:17.625195980 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:17.625461102 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:17.805160046 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:17.805262089 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:17.987899065 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:17.988033056 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:18.168236971 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:18.168498039 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:18.347755909 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:18.348073006 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:18.527578115 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:18.527667999 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:18.706799984 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:18.706902981 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:18.886164904 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:18.886358976 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:19.066154003 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:19.066354036 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:19.245505095 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:19.245810032 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:19.424881935 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:19.425040007 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:19.604698896 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:19.604892015 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:19.784075975 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:19.784205914 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:19.963438034 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:19.963577986 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:20.143218040 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:20.143402100 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:20.322835922 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:20.322981119 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:20.502712011 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:20.502844095 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:20.682127953 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:20.682245970 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:20.862031937 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:20.862281084 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:21.041928053 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:21.042042971 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:21.221466064 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:21.221565008 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:21.406342983 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:21.406491041 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:21.586025953 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:21.586124897 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:21.765424967 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:21.765566111 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:21.945209980 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:21.945390940 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:22.124975920 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:22.125096083 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:22.305322886 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:22.305619955 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:22.484774113 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:22.484915018 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:22.664242983 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:22.664477110 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:22.843609095 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:22.843748093 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:23.023557901 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:23.023725986 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:23.203461885 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:23.203584909 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:23.383666039 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:23.383979082 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:23.563431978 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:23.563566923 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:23.742690086 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:23.742813110 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:23.922015905 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:23.922169924 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:24.102041006 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:24.102277040 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:24.281796932 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:24.281867981 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:24.461003065 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:24.461107969 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:24.641737938 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:24.641844034 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:24.820981979 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:24.821046114 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:25.000039101 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:25.000150919 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:25.179305077 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:25.179395914 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:25.358711004 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:25.359086037 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:25.538364887 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:25.538584948 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:25.718910933 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:25.718976021 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:25.898327112 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:25.908659935 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:26.090292931 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:28.144501925 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:28.323976994 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:28.324181080 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:28.503554106 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:28.503681898 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:28.682857037 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:28.683141947 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:28.862363100 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:28.862726927 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:29.041799068 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:29.041939020 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:29.221101046 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:29.221251965 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:29.400291920 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:29.400415897 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:29.579965115 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:29.580049038 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:29.759232044 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:29.759566069 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:29.938666105 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:29.938760042 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:30.117988110 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:30.118098021 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:30.297060966 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:30.297282934 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:30.478054047 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:30.478142977 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:30.657171965 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:30.657248974 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:30.839623928 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:30.839818001 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:31.018996000 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:31.019093037 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:31.198127031 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:31.198244095 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:31.377435923 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:31.377583981 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:31.557276964 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:31.557534933 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:31.736566067 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:31.736706972 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:31.915756941 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:31.915988922 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:32.095468044 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:32.095875025 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:32.275032997 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:32.275248051 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:32.454272985 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:32.454368114 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:32.633447886 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:32.633584976 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:32.812640905 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:32.812741041 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:32.991808891 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:32.992096901 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:33.171323061 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:33.171463013 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:33.350625992 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:33.350713015 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:33.530241013 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:33.530371904 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:33.709634066 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:33.709813118 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:33.888906956 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:33.889024973 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:34.071063042 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:34.071223974 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:34.250426054 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:34.250530005 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:34.432171106 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:34.432277918 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:34.611423016 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:34.611548901 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:34.790709019 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:34.790910006 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:34.970206976 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:34.970321894 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:35.149539948 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:35.149657965 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:35.328902960 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:35.329197884 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:35.508383989 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:35.508733034 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:35.687870979 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:35.688220024 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:35.868518114 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:35.868748903 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:36.091768980 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:36.091928959 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:36.355614901 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:36.355768919 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:36.555608988 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:36.555757046 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:36.898369074 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:36.898711920 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:37.267555952 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:37.267693996 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:37.635613918 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:37.635746002 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:37.999685049 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:37.999957085 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:38.180481911 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:38.180756092 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:38.361854076 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:38.361965895 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:38.541074038 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:38.541202068 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:38.721755981 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:38.721966028 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:38.901109934 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:38.901302099 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:39.080404997 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:39.080530882 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:39.259744883 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:39.259948969 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:39.439342022 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:39.439450026 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:39.618894100 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:39.618993044 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:39.798054934 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:39.798178911 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:39.977729082 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:39.977868080 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:40.157234907 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:40.157309055 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:40.336783886 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:40.336894035 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:40.516129971 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:40.516225100 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:40.696134090 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:40.696219921 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:40.875418901 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:40.875549078 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:41.054744005 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:41.054920912 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:41.234424114 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:41.234596968 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:41.414066076 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:41.414297104 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:41.593964100 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:41.594060898 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:41.773644924 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:41.773825884 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:41.953022957 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:41.953140974 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:42.133332968 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:42.133433104 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:42.312736988 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:42.313013077 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:42.492098093 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:42.492191076 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:42.671578884 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:42.671730995 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:42.851074934 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:42.851181984 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:43.030297041 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:43.030414104 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:43.209558010 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:43.209661961 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:43.389159918 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:43.389583111 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:43.572078943 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:43.803966999 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:43.983169079 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:43.983259916 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:44.162653923 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:45.826380968 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:46.005584955 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:46.005759001 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:46.184837103 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:46.184958935 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:46.373414993 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:46.373505116 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:46.552911043 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:46.553080082 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:46.732544899 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:46.732949972 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:46.912223101 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:46.912303925 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:47.091267109 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:47.091373920 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:47.270587921 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:47.270786047 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:47.450134039 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:47.450242996 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:47.629544020 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:47.629821062 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:47.809020996 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:47.809154987 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:47.988353014 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:47.988460064 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:48.167700052 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:48.167803049 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:48.346962929 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:48.347070932 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:48.526499033 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:48.526763916 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:48.705827951 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:48.705909967 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:48.885714054 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:48.885917902 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:49.065238953 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:49.065398932 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:49.244707108 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:49.244796038 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:49.424006939 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:49.424154043 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:49.603388071 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:49.603627920 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:49.782644033 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:49.782789946 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:49.962033033 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:49.962196112 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:50.144310951 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:50.144437075 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:50.324806929 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:50.324965000 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:50.504498005 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:50.504648924 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:50.683804989 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:50.683955908 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:50.863377094 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:50.863492012 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:51.042934895 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:51.043041945 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:51.222328901 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:51.222426891 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:51.403614044 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:51.403779030 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:51.583453894 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:51.583570957 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:51.762806892 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:51.763065100 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:51.943490982 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:51.943624020 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:52.126013994 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:52.126148939 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:52.305103064 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:52.305250883 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:52.484508038 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:52.484908104 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:52.664033890 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:52.664211035 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:52.843252897 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:52.843327999 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:53.022557020 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:53.022814989 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:53.201877117 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:53.202136040 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:53.381220102 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:53.381311893 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:53.560415030 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:53.560571909 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:53.740716934 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:53.741010904 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:53.920084000 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:53.920312881 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:54.099658966 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:54.099883080 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:54.279181004 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:54.279319048 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:54.462075949 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:54.462196112 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:54.641554117 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:54.641645908 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:54.820764065 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:54.820879936 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:55.000705957 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:55.000807047 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:55.180061102 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:55.180310011 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:55.359858990 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:55.359934092 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:55.538976908 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:55.539369106 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:55.718615055 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:55.718821049 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:55.898298979 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:55.898422003 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:56.078186989 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:56.078387022 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:56.257478952 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:56.257575035 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:56.436805010 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:56.436923981 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:56.616030931 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:56.616265059 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:56.795315981 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:56.795408010 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:56.974618912 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:56.974740028 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:57.154151917 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:57.154362917 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:57.334141970 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:57.334220886 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:57.513631105 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:57.513847113 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:57.693192959 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:57.693423033 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:57.872581005 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:57.872709036 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:58.052046061 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:58.052314997 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:58.231623888 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:58.231733084 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:58.410917997 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:58.411036968 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:58.590200901 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:58.590370893 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:58.770344973 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:58.770495892 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:58.950084925 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:58.950284958 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:59.129573107 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:59.129695892 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:59.309015036 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:15:59.309128046 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:15:59.489010096 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:16:00.002280951 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:16:00.181577921 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:16:00.181930065 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:16:00.361294031 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:16:00.361428022 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:16:00.540458918 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:16:00.540735960 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:16:00.720511913 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:16:00.720743895 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:16:00.899971008 CET144024973918.197.239.109192.168.2.4
                                                                                            Jan 10, 2024 15:16:00.900141954 CET4973914402192.168.2.418.197.239.109
                                                                                            Jan 10, 2024 15:16:01.079210997 CET144024973918.197.239.109192.168.2.4

                                                                                            UDP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Jan 10, 2024 15:12:05.260620117 CET6100353192.168.2.41.1.1.1
                                                                                            Jan 10, 2024 15:12:05.365364075 CET53610031.1.1.1192.168.2.4
                                                                                            Jan 10, 2024 15:13:09.299187899 CET5844753192.168.2.41.1.1.1
                                                                                            Jan 10, 2024 15:13:09.469407082 CET53584471.1.1.1192.168.2.4
                                                                                            Jan 10, 2024 15:14:13.109752893 CET6411753192.168.2.41.1.1.1
                                                                                            Jan 10, 2024 15:14:13.214869022 CET53641171.1.1.1192.168.2.4
                                                                                            Jan 10, 2024 15:15:17.109587908 CET6113653192.168.2.41.1.1.1
                                                                                            Jan 10, 2024 15:15:17.219971895 CET53611361.1.1.1192.168.2.4

                                                                                            DNS Queries

                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Jan 10, 2024 15:12:05.260620117 CET192.168.2.41.1.1.10xfb7fStandard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                                            Jan 10, 2024 15:13:09.299187899 CET192.168.2.41.1.1.10x24a5Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                                            Jan 10, 2024 15:14:13.109752893 CET192.168.2.41.1.1.10x3b9eStandard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                                            Jan 10, 2024 15:15:17.109587908 CET192.168.2.41.1.1.10xa9a0Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

                                                                                            DNS Answers

                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Jan 10, 2024 15:12:05.365364075 CET1.1.1.1192.168.2.40xfb7fNo error (0)6.tcp.eu.ngrok.io3.69.157.220A (IP address)IN (0x0001)false
                                                                                            Jan 10, 2024 15:13:09.469407082 CET1.1.1.1192.168.2.40x24a5No error (0)6.tcp.eu.ngrok.io3.68.171.119A (IP address)IN (0x0001)false
                                                                                            Jan 10, 2024 15:14:13.214869022 CET1.1.1.1192.168.2.40x3b9eNo error (0)6.tcp.eu.ngrok.io3.66.38.117A (IP address)IN (0x0001)false
                                                                                            Jan 10, 2024 15:15:17.219971895 CET1.1.1.1192.168.2.40xa9a0No error (0)6.tcp.eu.ngrok.io18.197.239.109A (IP address)IN (0x0001)false

                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:0
                                                                                            Start time:15:11:55
                                                                                            Start date:10/01/2024
                                                                                            Path:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            Imagebase:0x740000
                                                                                            File size:44'032 bytes
                                                                                            MD5 hash:AF4B01A3849D9CC08F3B92F0246F0877
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:.Net C# or VB.NET
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                            • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.1655325701.0000000000742000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            General

                                                                                            Target ID:3
                                                                                            Start time:15:12:16
                                                                                            Start date:10/01/2024
                                                                                            Path:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
                                                                                            Imagebase:0xec0000
                                                                                            File size:44'032 bytes
                                                                                            MD5 hash:AF4B01A3849D9CC08F3B92F0246F0877
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:.Net C# or VB.NET
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:6
                                                                                            Start time:15:12:24
                                                                                            Start date:10/01/2024
                                                                                            Path:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
                                                                                            Imagebase:0x240000
                                                                                            File size:44'032 bytes
                                                                                            MD5 hash:AF4B01A3849D9CC08F3B92F0246F0877
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:.Net C# or VB.NET
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:7
                                                                                            Start time:15:12:33
                                                                                            Start date:10/01/2024
                                                                                            Path:C:\Users\user\Desktop\226dVJ2zRZ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\226dVJ2zRZ.exe" ..
                                                                                            Imagebase:0x770000
                                                                                            File size:44'032 bytes
                                                                                            MD5 hash:AF4B01A3849D9CC08F3B92F0246F0877
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:.Net C# or VB.NET
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:8
                                                                                            Start time:15:12:42
                                                                                            Start date:10/01/2024
                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe"
                                                                                            Imagebase:0x610000
                                                                                            File size:44'032 bytes
                                                                                            MD5 hash:AF4B01A3849D9CC08F3B92F0246F0877
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:.Net C# or VB.NET
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: unknown
                                                                                            • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Florian Roth
                                                                                            • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: JPCERT/CC Incident Response Group
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 86%, ReversingLabs
                                                                                            • Detection: 81%, Virustotal, Browse
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Disassembly

                                                                                            Reset < >

                                                                                              Execution Graph

                                                                                              Execution Coverage:12.7%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:100%
                                                                                              Total number of Nodes:3
                                                                                              Total number of Limit Nodes:0
                                                                                              execution_graph 14601 2b2a6c0 14603 2b2a728 CreateProcessW 14601->14603 14604 2b2a8c3 14603->14604

                                                                                              Executed Functions

                                                                                              Function 02B2F5A8 Relevance: 5.4, Strings: 4, Instructions: 450COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 2b2f5a8-2b2f5de 1 2b2f5e6-2b2f5ec 0->1 130 2b2f5e0 call 2b2ef80 0->130 131 2b2f5e0 call 2b2f5a8 0->131 2 2b2f5ee-2b2f5f2 1->2 3 2b2f63c-2b2f640 1->3 4 2b2f601-2b2f608 2->4 5 2b2f5f4-2b2f5f9 2->5 6 2b2f642-2b2f651 3->6 7 2b2f657-2b2f66b 3->7 10 2b2f6de-2b2f6e8 4->10 11 2b2f60e-2b2f615 4->11 5->4 8 2b2f653-2b2f655 6->8 9 2b2f67d 6->9 12 2b2f673-2b2f67a 7->12 8->12 14 2b2f680-2b2f687 9->14 20 2b2f6ea-2b2f6f0 10->20 21 2b2f68e-2b2f68f 10->21 11->3 13 2b2f617-2b2f61b 11->13 16 2b2f62a-2b2f631 13->16 17 2b2f61d-2b2f622 13->17 18 2b2f691-2b2f692 14->18 19 2b2f689 14->19 16->10 22 2b2f637-2b2f63a 16->22 17->16 18->14 23 2b2f694 18->23 19->21 24 2b2f695 20->24 25 2b2f6f2-2b2f71b 20->25 26 2b2f69d-2b2f6d7 21->26 22->12 23->24 24->26 27 2b2f697 24->27 28 2b2f726-2b2f746 25->28 29 2b2f71d-2b2f723 25->29 26->10 27->26 35 2b2f748 28->35 36 2b2f74d-2b2f754 28->36 29->28 37 2b2fadc-2b2fae5 35->37 38 2b2f756-2b2f761 36->38 40 2b2f767-2b2f77a 38->40 41 2b2faed-2b2fb02 38->41 45 2b2f790-2b2f7ab 40->45 46 2b2f77c-2b2f78a 40->46 50 2b2f7cf-2b2f7d2 45->50 51 2b2f7ad-2b2f7b3 45->51 46->45 49 2b2fa64-2b2fa6b 46->49 49->37 54 2b2fa6d-2b2fa6f 49->54 55 2b2f7d8-2b2f7db 50->55 56 2b2f92c-2b2f932 50->56 52 2b2f7b5 51->52 53 2b2f7bc-2b2f7bf 51->53 52->53 52->56 57 2b2f7f2-2b2f7f8 52->57 58 2b2fa1e-2b2fa21 52->58 53->57 59 2b2f7c1-2b2f7c4 53->59 60 2b2fa71-2b2fa76 54->60 61 2b2fa7e-2b2fa84 54->61 55->56 63 2b2f7e1-2b2f7e7 55->63 56->58 62 2b2f938-2b2f93d 56->62 68 2b2f7fa-2b2f7fc 57->68 69 2b2f7fe-2b2f800 57->69 70 2b2fa27-2b2fa2d 58->70 71 2b2fae8 58->71 64 2b2f7ca 59->64 65 2b2f85e-2b2f864 59->65 60->61 61->41 66 2b2fa86-2b2fa8b 61->66 62->58 63->56 67 2b2f7ed 63->67 64->58 65->58 77 2b2f86a-2b2f870 65->77 75 2b2fad0-2b2fad3 66->75 76 2b2fa8d-2b2fa92 66->76 67->58 72 2b2f80a-2b2f813 68->72 69->72 73 2b2fa52-2b2fa56 70->73 74 2b2fa2f-2b2fa37 70->74 71->41 81 2b2f826-2b2f84e 72->81 82 2b2f815-2b2f820 72->82 73->49 83 2b2fa58-2b2fa5e 73->83 74->41 80 2b2fa3d-2b2fa4c 74->80 75->71 84 2b2fad5-2b2fada 75->84 76->71 85 2b2fa94 76->85 78 2b2f872-2b2f874 77->78 79 2b2f876-2b2f878 77->79 86 2b2f882-2b2f899 78->86 79->86 80->45 80->73 105 2b2f942-2b2f978 81->105 106 2b2f854-2b2f859 81->106 82->58 82->81 83->38 83->49 84->37 84->54 87 2b2fa9b-2b2faa0 85->87 98 2b2f8c4-2b2f8eb 86->98 99 2b2f89b-2b2f8b4 86->99 88 2b2fac2-2b2fac4 87->88 89 2b2faa2-2b2faa4 87->89 88->71 96 2b2fac6-2b2fac9 88->96 93 2b2fab3-2b2fab9 89->93 94 2b2faa6-2b2faab 89->94 93->41 97 2b2fabb-2b2fac0 93->97 94->93 96->75 97->88 101 2b2fa96-2b2fa99 97->101 98->71 109 2b2f8f1-2b2f8f4 98->109 99->105 110 2b2f8ba-2b2f8bf 99->110 101->71 101->87 113 2b2f985-2b2f98d 105->113 114 2b2f97a-2b2f97e 105->114 106->105 109->71 112 2b2f8fa-2b2f923 109->112 110->105 112->105 129 2b2f925-2b2f92a 112->129 113->71 117 2b2f993-2b2f998 113->117 115 2b2f980-2b2f983 114->115 116 2b2f99d-2b2f9a1 114->116 115->113 115->116 118 2b2f9a3-2b2f9a9 116->118 119 2b2f9c0-2b2f9c4 116->119 117->58 118->119 121 2b2f9ab-2b2f9b3 118->121 122 2b2f9c6-2b2f9cc 119->122 123 2b2f9ce-2b2f9ea 119->123 121->71 124 2b2f9b9-2b2f9be 121->124 122->123 126 2b2f9f3-2b2f9f7 122->126 123->126 124->58 126->58 127 2b2f9f9-2b2fa15 126->127 127->58 129->105 130->1 131->1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097645303.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_2b20000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (o^q$(o^q$,bq$,bq
                                                                                              • API String ID: 0-879173519
                                                                                              • Opcode ID: 19b1fd8faa45e93544a9d5969bede89c0611cc05d4fa490342a64c6c36b31fdf
                                                                                              • Instruction ID: 63731c587063ed221ffb25305ff39b999d679c34faa9f93cbcdeae768e19ddd7
                                                                                              • Opcode Fuzzy Hash: 19b1fd8faa45e93544a9d5969bede89c0611cc05d4fa490342a64c6c36b31fdf
                                                                                              • Instruction Fuzzy Hash: D3025031A00229DFCB15CFA8C884ABEBBF6FF49304F1581A9E419AB664D730E945CF50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 02B2EF80 Relevance: 3.0, Strings: 2, Instructions: 508COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097645303.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_2b20000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (o^q$Hbq
                                                                                              • API String ID: 0-662517225
                                                                                              • Opcode ID: 31dfc3dd1bdf708fd7415d28e9fba393d6f375f8ebb4f6b616aaded31390dc7f
                                                                                              • Instruction ID: a6868e39a91a5274477a3d71c651a29236c3b1f0c69305a6f9cd34252ebc1d6f
                                                                                              • Opcode Fuzzy Hash: 31dfc3dd1bdf708fd7415d28e9fba393d6f375f8ebb4f6b616aaded31390dc7f
                                                                                              • Instruction Fuzzy Hash: AC128E71A002298FDB15DF69C954BAEBBF6FF88304F1485A9E449EB390DF349845CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 02B2A6B4 Relevance: 1.7, APIs: 1, Instructions: 222processCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2265 2b2a6b4-2b2a6b5 2266 2b2a6b7-2b2a6bd 2265->2266 2267 2b2a6be-2b2a734 2265->2267 2266->2267 2270 2b2a736-2b2a73c 2267->2270 2271 2b2a73f-2b2a746 2267->2271 2270->2271 2272 2b2a751-2b2a758 2271->2272 2273 2b2a748-2b2a74e 2271->2273 2274 2b2a777-2b2a77b 2272->2274 2275 2b2a75a-2b2a776 2272->2275 2273->2272 2276 2b2a79b-2b2a7ab 2274->2276 2277 2b2a77d-2b2a793 2274->2277 2275->2274 2278 2b2a7ca-2b2a7ce 2276->2278 2279 2b2a7ad-2b2a7c9 2276->2279 2277->2276 2280 2b2a7d0-2b2a7e7 2278->2280 2281 2b2a7ef-2b2a808 2278->2281 2279->2278 2280->2281 2282 2b2a816-2b2a81f 2281->2282 2283 2b2a80a-2b2a813 2281->2283 2284 2b2a821-2b2a838 2282->2284 2285 2b2a83a-2b2a83e 2282->2285 2283->2282 2284->2285 2286 2b2a840-2b2a851 2285->2286 2287 2b2a859-2b2a86d 2285->2287 2286->2287 2288 2b2a872-2b2a8c1 CreateProcessW 2287->2288 2289 2b2a86f 2287->2289 2290 2b2a8c3-2b2a8c9 2288->2290 2291 2b2a8ca-2b2a8fb 2288->2291 2289->2288 2290->2291 2294 2b2a910-2b2a914 2291->2294 2295 2b2a8fd-2b2a901 2291->2295 2297 2b2a916-2b2a91a 2294->2297 2298 2b2a929-2b2a92d 2294->2298 2295->2294 2296 2b2a903-2b2a906 2295->2296 2296->2294 2297->2298 2301 2b2a91c-2b2a91f 2297->2301 2299 2b2a942-2b2a946 2298->2299 2300 2b2a92f-2b2a933 2298->2300 2303 2b2a957 2299->2303 2304 2b2a948-2b2a954 2299->2304 2300->2299 2302 2b2a935-2b2a938 2300->2302 2301->2298 2302->2299 2306 2b2a958 2303->2306 2304->2303 2306->2306
                                                                                              APIs
                                                                                              • CreateProcessW.KERNELBASE(?,?,00000000,00000000,?,?,?,00000000,00000000,?), ref: 02B2A8B1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097645303.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_2b20000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              • Opcode ID: 90c78604f4b0a01f96e0da5989276781418ba70a925de15d09540c58098ef5f9
                                                                                              • Instruction ID: cfa017bd3365c5162ebc8f0170cb4b6cb4ff86bd3fddff1bb42998842c75f6b2
                                                                                              • Opcode Fuzzy Hash: 90c78604f4b0a01f96e0da5989276781418ba70a925de15d09540c58098ef5f9
                                                                                              • Instruction Fuzzy Hash: 0E91F671D00319DFDB15CFA9C88479EBBB2EF88304F25816AE518AB250E774A946CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 02B2A6C0 Relevance: 1.7, APIs: 1, Instructions: 215processCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2307 2b2a6c0-2b2a734 2309 2b2a736-2b2a73c 2307->2309 2310 2b2a73f-2b2a746 2307->2310 2309->2310 2311 2b2a751-2b2a758 2310->2311 2312 2b2a748-2b2a74e 2310->2312 2313 2b2a777-2b2a77b 2311->2313 2314 2b2a75a-2b2a776 2311->2314 2312->2311 2315 2b2a79b-2b2a7ab 2313->2315 2316 2b2a77d-2b2a793 2313->2316 2314->2313 2317 2b2a7ca-2b2a7ce 2315->2317 2318 2b2a7ad-2b2a7c9 2315->2318 2316->2315 2319 2b2a7d0-2b2a7e7 2317->2319 2320 2b2a7ef-2b2a808 2317->2320 2318->2317 2319->2320 2321 2b2a816-2b2a81f 2320->2321 2322 2b2a80a-2b2a813 2320->2322 2323 2b2a821-2b2a838 2321->2323 2324 2b2a83a-2b2a83e 2321->2324 2322->2321 2323->2324 2325 2b2a840-2b2a851 2324->2325 2326 2b2a859-2b2a86d 2324->2326 2325->2326 2327 2b2a872-2b2a8c1 CreateProcessW 2326->2327 2328 2b2a86f 2326->2328 2329 2b2a8c3-2b2a8c9 2327->2329 2330 2b2a8ca-2b2a8fb 2327->2330 2328->2327 2329->2330 2333 2b2a910-2b2a914 2330->2333 2334 2b2a8fd-2b2a901 2330->2334 2336 2b2a916-2b2a91a 2333->2336 2337 2b2a929-2b2a92d 2333->2337 2334->2333 2335 2b2a903-2b2a906 2334->2335 2335->2333 2336->2337 2340 2b2a91c-2b2a91f 2336->2340 2338 2b2a942-2b2a946 2337->2338 2339 2b2a92f-2b2a933 2337->2339 2342 2b2a957 2338->2342 2343 2b2a948-2b2a954 2338->2343 2339->2338 2341 2b2a935-2b2a938 2339->2341 2340->2337 2341->2338 2345 2b2a958 2342->2345 2343->2342 2345->2345
                                                                                              APIs
                                                                                              • CreateProcessW.KERNELBASE(?,?,00000000,00000000,?,?,?,00000000,00000000,?), ref: 02B2A8B1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097645303.0000000002B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B20000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_2b20000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              • Opcode ID: 98ef2130f4973338f91f1fd476a034fec4c67e889e91d51ac998119d81b6761f
                                                                                              • Instruction ID: be2e160e6cfbb31d0238dcf7d7abdc0b3fabe389ffbe247a6bc1903ad25bf438
                                                                                              • Opcode Fuzzy Hash: 98ef2130f4973338f91f1fd476a034fec4c67e889e91d51ac998119d81b6761f
                                                                                              • Instruction Fuzzy Hash: B291E671D00319DFDB24CFA9C88479EBBB2FF88314F25816AE518AB250D774A946CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0106D390 Relevance: .1, Instructions: 76COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097191559.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_106d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b80f7d965bb989780e91b5f4926b4a8c973a831d50be93672337dcbb1cfc380e
                                                                                              • Instruction ID: 43e6a02c1a569451100038d0ccd66fe691e0d608a4755a106cab1965eedffba4
                                                                                              • Opcode Fuzzy Hash: b80f7d965bb989780e91b5f4926b4a8c973a831d50be93672337dcbb1cfc380e
                                                                                              • Instruction Fuzzy Hash: B4213A71600200DFCB05DF58D9C4B2BBFA9FB84310F24C5A9ED854B256C736E856CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0106D56C Relevance: .1, Instructions: 75COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097191559.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_106d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 91a4a96309a234777859451da62303f7e8c8382f8e8b5ad3caf6c9915f11561a
                                                                                              • Instruction ID: af62e460f73ef795af31256652a5a1ed55c4afe3051309eeea6ffd2667b11443
                                                                                              • Opcode Fuzzy Hash: 91a4a96309a234777859451da62303f7e8c8382f8e8b5ad3caf6c9915f11561a
                                                                                              • Instruction Fuzzy Hash: 3B212571600200DFDB05DF58D9C0B2ABFA9FB88314F24C5A9E9894F256C336D856CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0107D1D4 Relevance: .1, Instructions: 72COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097241819.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_107d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b222b3c07f1dd72882b0c00c0371a3d0dbc3c742762225e7ea4d4433f1014233
                                                                                              • Instruction ID: a2b75333de2392c91369fa2bd43fdbde8a26bd0206b4846b7c6ac961db99fb6d
                                                                                              • Opcode Fuzzy Hash: b222b3c07f1dd72882b0c00c0371a3d0dbc3c742762225e7ea4d4433f1014233
                                                                                              • Instruction Fuzzy Hash: DB210471A04200EFDB05DF98D9C0B2ABBA5FF94324F24C6ADE9894B256C336D447CB65
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0107D0EC Relevance: .1, Instructions: 72COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097241819.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_107d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a1ead5c7c40cd3d8ca2fd580fa053cd97f1450c1e78303face066a11d3f12c7b
                                                                                              • Instruction ID: 7b7ba306bbaadc1bb63aa92c04df1d1220978dc7ca59260ac3ab0f57de4bc21c
                                                                                              • Opcode Fuzzy Hash: a1ead5c7c40cd3d8ca2fd580fa053cd97f1450c1e78303face066a11d3f12c7b
                                                                                              • Instruction Fuzzy Hash: A12134B1A40200EFDB01DF58E9C0B2ABBA5FF84314F20C5ADD8894B256C336D446CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0106D38B Relevance: .1, Instructions: 57COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097191559.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_106d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                                                                                              • Instruction ID: af4169b73caf364c86c0fee7acbc787048094f84a23a9e5d49d074359f1c5775
                                                                                              • Opcode Fuzzy Hash: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                                                                                              • Instruction Fuzzy Hash: 8B21A276504240DFDB06CF54D9C4B56BFB1FB84314F24C1A9DD850B656C336E85ACB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0106D567 Relevance: .1, Instructions: 56COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097191559.000000000106D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0106D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_106d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                              • Instruction ID: 00bd110c8097b61a9b31eab816473f6e150840a7c7c791694aa1e4532a2c2180
                                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                              • Instruction Fuzzy Hash: DA110372504240CFCB02CF44D9C4B16BFB2FB88314F24C5A9E8890B257C336D85ACBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0107D1CF Relevance: .1, Instructions: 53COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097241819.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_107d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                              • Instruction ID: b54ee5643c3b73e5d2d1e3cbbcbdc7ea6343b1f48a8c9d57739f9b1f393b50c9
                                                                                              • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                              • Instruction Fuzzy Hash: AF11BB75904280DFDB02CF54C5C4B15BFA1FF84224F28C6AADC894B296C33AD40BCB61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0107D0E7 Relevance: .1, Instructions: 53COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.4097241819.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_107d000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                              • Instruction ID: 804b0682bff6e376d0c0067d7963f6bb5e5b1cc41a3dac0642acb4e9d45f6057
                                                                                              • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                              • Instruction Fuzzy Hash: FE11DD75904280EFDB02CF54E9C4B15BFB2FF84314F28C6AAD8494B256C33AD40ACBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              Function 016248B8 Relevance: 1.7, Strings: 1, Instructions: 469COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: 36b617c2be70f8496119c1224fc55b1370ee755f6328a239b1fa3dbc44557b73
                                                                                              • Instruction ID: aa43c892186bd76b80874f353164afdde3f761295762901efc5c64506b1d7b56
                                                                                              • Opcode Fuzzy Hash: 36b617c2be70f8496119c1224fc55b1370ee755f6328a239b1fa3dbc44557b73
                                                                                              • Instruction Fuzzy Hash: 7F225D74A02215CFDB24DF24EC98B9D7BB2FB48700F1081A9E919AB394DB399D85CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 016240E8 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: a3f66c2758af51e049d14fd7c0bfad679c8666e9244deb35cb437f43b5f56838
                                                                                              • Instruction ID: 57b64c48dbe5e8fa18af23898ab7d8f71b9b45c9e1fae0be34c06e64c09d804c
                                                                                              • Opcode Fuzzy Hash: a3f66c2758af51e049d14fd7c0bfad679c8666e9244deb35cb437f43b5f56838
                                                                                              • Instruction Fuzzy Hash: 8A51CB70702246CFCB05DF6CF99898DBBB1FB48744B009669D4049B329EB79AD49CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 016240F8 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: e7b1454048fee903c70a15604ab04352b7d3608c9a5cc79bf20e36dad572643c
                                                                                              • Instruction ID: fbba57aa06dc7567573163cd5be5a9863ac0e6d1262fe42b2cabaea43dd44c62
                                                                                              • Opcode Fuzzy Hash: e7b1454048fee903c70a15604ab04352b7d3608c9a5cc79bf20e36dad572643c
                                                                                              • Instruction Fuzzy Hash: 5D51BB70702246CFCB05DF6CF99898DBBA1FB44744700966DD4048B729EB79AD89CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620DCF Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'^q
                                                                                              • API String ID: 0-1614139903
                                                                                              • Opcode ID: a93bbca2c2efdeb801c2dc5584fc38a44316d975656894c58d6e77b332d7b0f1
                                                                                              • Instruction ID: 1457d2b781dbab4bc01ddb13b27da7cfe15f43e495bafe94d957b436330be7f9
                                                                                              • Opcode Fuzzy Hash: a93bbca2c2efdeb801c2dc5584fc38a44316d975656894c58d6e77b332d7b0f1
                                                                                              • Instruction Fuzzy Hash: C3318B316013169FC715EF7CE8146AEBBE2FB81704B10896DD4159F3A4DB76EC498B82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01629291 Relevance: .5, Instructions: 525COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4f718d161bd51ff07e3bd384b95c71f6a6240cbdb5c7e021cfbf5e3b32309b9c
                                                                                              • Instruction ID: 7273bdca41386975ef8a6ab318f5403a1652885fc53772c0174e0d8734f6dbe7
                                                                                              • Opcode Fuzzy Hash: 4f718d161bd51ff07e3bd384b95c71f6a6240cbdb5c7e021cfbf5e3b32309b9c
                                                                                              • Instruction Fuzzy Hash: CC0184312051548FD715FBBCAD1429D3AE6AFCA201F0584A9E455DB3A9EF24CA008792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0162925D Relevance: .5, Instructions: 475COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5a5a5f43a50dbe55dbe07dc290751fd1696ddbf2c36f04639ea1472e0535c54f
                                                                                              • Instruction ID: 3bf7fdf3a9251c8b0ee5983a6692407de04f62586918e4e16ecce952b6791460
                                                                                              • Opcode Fuzzy Hash: 5a5a5f43a50dbe55dbe07dc290751fd1696ddbf2c36f04639ea1472e0535c54f
                                                                                              • Instruction Fuzzy Hash: 5AE0A0306097488BCF26FFF4992855D3AA59F8A305B0588DAD4818B296EE20CE0087A2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01623DE8 Relevance: .1, Instructions: 111COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5fa2cdfd4abdd8bb0eafa4d6a7cbcc2edb473e14bff5dae2d65ee9e5339eb5ff
                                                                                              • Instruction ID: 0fdc2fd5a547e2f9f92cf2ae33473b8f4aa17ba0b5be03c0963f51a854f65fa1
                                                                                              • Opcode Fuzzy Hash: 5fa2cdfd4abdd8bb0eafa4d6a7cbcc2edb473e14bff5dae2d65ee9e5339eb5ff
                                                                                              • Instruction Fuzzy Hash: 8E418230B01215DFDB15EF7CE81876E7BAAEB88700F01846DD405A7394DF799C458BA6
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01623DF8 Relevance: .1, Instructions: 108COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d2e0cfef810b9c1926f397250e6f46d0aa559ca8e08734d8833a5c4c1c8b935b
                                                                                              • Instruction ID: 75e173e33a08bd41fbfce2f13ad727b22d2ee67a56c3f51e39d9f0de2619f86a
                                                                                              • Opcode Fuzzy Hash: d2e0cfef810b9c1926f397250e6f46d0aa559ca8e08734d8833a5c4c1c8b935b
                                                                                              • Instruction Fuzzy Hash: A8319230B01215DFDB15EF7CE81876E7BAAEB88700F00846DD40997394DB399C498B95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620890 Relevance: .1, Instructions: 90COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 747ca930594e3ab5098e2b3de1c6c5511784443745f160d5ec3cfd5dc98150d6
                                                                                              • Instruction ID: 84eeae3d1d0c9c8649feeaf508e2b4da6c8ca8991305deebaf64a942a9eab969
                                                                                              • Opcode Fuzzy Hash: 747ca930594e3ab5098e2b3de1c6c5511784443745f160d5ec3cfd5dc98150d6
                                                                                              • Instruction Fuzzy Hash: 58317AB19003189FDB14DFA9D8457AEBFF5EF88320F20886AE515A7260D735A940CF94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620994 Relevance: .1, Instructions: 78COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 988c8673d8fa2c1a1254b4676b36059c7cd567686b2911f83c2b2ffb81fae5a9
                                                                                              • Instruction ID: 3606c1d35b7e5c7e5a6c8a1eb6fd856c3c72888d975c49e0e9908ced9b891acc
                                                                                              • Opcode Fuzzy Hash: 988c8673d8fa2c1a1254b4676b36059c7cd567686b2911f83c2b2ffb81fae5a9
                                                                                              • Instruction Fuzzy Hash: DE311FB0D01258DFDB14CFA8D584BDEBFF0AF48310F20816AE809AB265C775A945CF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 016209A0 Relevance: .1, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e4cca9e9d4f1dbccb35eea6fc70c2fd2448727d9af4b007e50453c4823c85e07
                                                                                              • Instruction ID: b2bcb36220fabe38a060cb284445d90ca2dbcad1164a090f00bb581f1e6d527a
                                                                                              • Opcode Fuzzy Hash: e4cca9e9d4f1dbccb35eea6fc70c2fd2448727d9af4b007e50453c4823c85e07
                                                                                              • Instruction Fuzzy Hash: 1631EDB0D01258DFDB14CFA9D584BCEBFF5AF48310F20812AE808AB265CB75A945CF95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01623CE1 Relevance: .1, Instructions: 55COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f59403d8f7bff8cf81a36b4cea41cb21bff64820d5c7615da17bd0c5cc73f245
                                                                                              • Instruction ID: f2ac292df4daf32433bc9336bd7a0bceae21436caaee0192c7c8cca3db7ae61a
                                                                                              • Opcode Fuzzy Hash: f59403d8f7bff8cf81a36b4cea41cb21bff64820d5c7615da17bd0c5cc73f245
                                                                                              • Instruction Fuzzy Hash: 09211D30A0120E9FCB50EFA9F8545AEBBB1FB84705F00892CD515BB3A4DB35A948CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01623CF0 Relevance: .1, Instructions: 52COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: eb08cf63a9966b6b5bd4b57143c5a6bd10fb29fc09c9851387b8c79c686d4800
                                                                                              • Instruction ID: 511161f1d42b58d6d42d2a8de1d64ccdfec290a75c73f1c275d42c8a3d4b866c
                                                                                              • Opcode Fuzzy Hash: eb08cf63a9966b6b5bd4b57143c5a6bd10fb29fc09c9851387b8c79c686d4800
                                                                                              • Instruction Fuzzy Hash: B8110A30A0120E9FCB50EFA9F8545AEBBB5FB84704F00452CD515AB3A4DB35AE488BA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620DE0 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a2e99f04cf21f7ef39cdfadd7ba876ca1836d57d455b816d3568562d72a6bcb7
                                                                                              • Instruction ID: b969dfc25ec1887eb653014ced22cdc46066e7f1165a01db9bcefa710820d4c2
                                                                                              • Opcode Fuzzy Hash: a2e99f04cf21f7ef39cdfadd7ba876ca1836d57d455b816d3568562d72a6bcb7
                                                                                              • Instruction Fuzzy Hash: 2D11AC312017109FC324EF2DE4146AABBE6FB80614710892DC4299F7A4DFB6EC898FD5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 016208F8 Relevance: .0, Instructions: 46COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5d30ddee09a6e7f114531c1cc15e56a03cf523d3468788d5dab97e6b167db45e
                                                                                              • Instruction ID: 492df86d1fe53332953989242627ad45b4ed053fa695ed5075032e46b6a51f23
                                                                                              • Opcode Fuzzy Hash: 5d30ddee09a6e7f114531c1cc15e56a03cf523d3468788d5dab97e6b167db45e
                                                                                              • Instruction Fuzzy Hash: 3F1110B5D007598FDB20CFA9C444BDEBBF4EB48320F20845AD459A7220C379A980CFA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620900 Relevance: .0, Instructions: 44COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bdc3a046a0c14713b1c749126ff96368185f6f5acfe12bcc781caf4cb629d074
                                                                                              • Instruction ID: eab9f192454ea0e2cfc8e0d50412b9c2af283f48943448e63ce28cbb751f4464
                                                                                              • Opcode Fuzzy Hash: bdc3a046a0c14713b1c749126ff96368185f6f5acfe12bcc781caf4cb629d074
                                                                                              • Instruction Fuzzy Hash: 561130B59006588FDB20DFAAC884BDEBFF4EB48320F208419D459A7320C339A940CFA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620880 Relevance: .0, Instructions: 42COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5a7fc4422705eb8ac8203ad89fe4354f7ed79bbe7466aed5e6636b0d84441d47
                                                                                              • Instruction ID: d99692aaf8310ae9318e7fba8b5734fb85037f33fca51724985ff615098678ba
                                                                                              • Opcode Fuzzy Hash: 5a7fc4422705eb8ac8203ad89fe4354f7ed79bbe7466aed5e6636b0d84441d47
                                                                                              • Instruction Fuzzy Hash: 0A01F471A40325AFCB089BB09C052AF3F73EF91260F1548BEF604DB2A0DA3644029B40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01629009 Relevance: .0, Instructions: 41COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9ca2f4929e79ee54c5fecacc29cc502c25ad667c473b28c729cd7a85bd64b320
                                                                                              • Instruction ID: 55af7123ce38f63353bf3aeebf5ef97d3ced0484dbd035de8d04c56e5dab1d20
                                                                                              • Opcode Fuzzy Hash: 9ca2f4929e79ee54c5fecacc29cc502c25ad667c473b28c729cd7a85bd64b320
                                                                                              • Instruction Fuzzy Hash: 36014B30704625CFCB01EF2CDA44B1ABBE1BF89715F01496DE0898B364DB35AD50CB96
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620EA0 Relevance: .0, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ade8d321fe0868cc86970c4c4135f1af60e277f69531125cc670e9c2dc4c361
                                                                                              • Instruction ID: 0e9dfc9de614d9d2d578a117968963bfa2f9073421bf0a8f18708f28e9dcde5a
                                                                                              • Opcode Fuzzy Hash: 4ade8d321fe0868cc86970c4c4135f1af60e277f69531125cc670e9c2dc4c361
                                                                                              • Instruction Fuzzy Hash: B6F055313052208FC3159B7CAC240A93FA2FA856443000ABEE059CF264DB79CC4BCB81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620839 Relevance: .0, Instructions: 18COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1073d343dd9ad62ea2b9c4c31474194d76265d828485a76b68bd33676613ffe3
                                                                                              • Instruction ID: 9f668a5556c7f0975f0378ce22114e62626918a1c092263c366fd451429fbf77
                                                                                              • Opcode Fuzzy Hash: 1073d343dd9ad62ea2b9c4c31474194d76265d828485a76b68bd33676613ffe3
                                                                                              • Instruction Fuzzy Hash: 5DE01A3014A3849FCB32CF2CF8587997FA0EB52214F0641DBD4449F66BD776594C8B56
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01629699 Relevance: .0, Instructions: 17COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6fbcb7fc3635864c4446f351190f461274e2174c1087e7e3ac149ecb41290214
                                                                                              • Instruction ID: d31a41de9ca3b463cedad2a37a52c6753663cd2796b095ee02335aec188a82ab
                                                                                              • Opcode Fuzzy Hash: 6fbcb7fc3635864c4446f351190f461274e2174c1087e7e3ac149ecb41290214
                                                                                              • Instruction Fuzzy Hash: 48D05E31212210CBCB143BB4661C1993EA6EFCD617B05087AE555D2794FF7A8C018BC0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01629668 Relevance: .0, Instructions: 16COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b3c517f293b17225b98282638bcdcddef4dc22c27c572538a1caf31cea7aa1f3
                                                                                              • Instruction ID: 17ce21c00bae24ef54e3afb4868bd29fc6c82684d737decc975c045bb257fad0
                                                                                              • Opcode Fuzzy Hash: b3c517f293b17225b98282638bcdcddef4dc22c27c572538a1caf31cea7aa1f3
                                                                                              • Instruction Fuzzy Hash: CED0A730A0120C5BCF18FFB885101AE7AED9F892017008D99944AC7244EF35CF000792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 01620848 Relevance: .0, Instructions: 12COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000003.00000002.1912649383.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_3_2_1620000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9b74c00ec0dbde36a1200019597eb0e3d63865eae1ace33dd28e440617cc5b5c
                                                                                              • Instruction ID: 9841ca2b3e54eb3ce2ea429ad117f700e9e8e1f09df261a559778a70908e71c2
                                                                                              • Opcode Fuzzy Hash: 9b74c00ec0dbde36a1200019597eb0e3d63865eae1ace33dd28e440617cc5b5c
                                                                                              • Instruction Fuzzy Hash: 28D0C7302462458FCB31DB1CF5597097F55E750704F014154D4141F729D7B9595C97D6
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              Function 00998020 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: 2a874bddcb690caa787dede0f1e4c1fabf25bd27d73fccd144f11467548e4a41
                                                                                              • Instruction ID: ed7bb9e79fb003f7667fd9057c9425953ec896727bae7dfca540131abd361903
                                                                                              • Opcode Fuzzy Hash: 2a874bddcb690caa787dede0f1e4c1fabf25bd27d73fccd144f11467548e4a41
                                                                                              • Instruction Fuzzy Hash: 07221974A00314CFDB25EF64DCA4BA9B7B2FB49301F1045A9E50AA73A4DB35AD86DF40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009982A4 Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: e7d0d0d6e48341eba0916c564dcd2060aa6b2d8088c028645189a84509e2ea99
                                                                                              • Instruction ID: bdd8fb3d51426999021d514904103f7ba19044f452c45d38ef2951d91af561c0
                                                                                              • Opcode Fuzzy Hash: e7d0d0d6e48341eba0916c564dcd2060aa6b2d8088c028645189a84509e2ea99
                                                                                              • Instruction Fuzzy Hash: F8E1F678A00218CFDB25EF74D894BADB7B2FB89301F1044A9E40A97364DB35AD86DF40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009976A9 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: 23dd9bbb0315b1f95b1b9c26592f967e8d0550295f280515d37d6e1fc9b40d2d
                                                                                              • Instruction ID: 565bad1746d166f6b7a38933cee6eea11bd97bcb638c949b3a0bea909c563dfb
                                                                                              • Opcode Fuzzy Hash: 23dd9bbb0315b1f95b1b9c26592f967e8d0550295f280515d37d6e1fc9b40d2d
                                                                                              • Instruction Fuzzy Hash: B951CC74601346CFCB06EF68E9A4E897BB1FB843447009665D0058727EEB74BA5EEF80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009976B8 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: b0218870d123554c72d70a711d72b1d6bad98464d47e5f0fcf334d3c299aa2e6
                                                                                              • Instruction ID: 270341c195d09b61774ccff78759063efdbcc1de16131b250c8904021c8f5168
                                                                                              • Opcode Fuzzy Hash: b0218870d123554c72d70a711d72b1d6bad98464d47e5f0fcf334d3c299aa2e6
                                                                                              • Instruction Fuzzy Hash: 5251BB74601346CFCB06FF68E9A4E997BB1FB84344700966490058727EEB74BA5EEF80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990DCF Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'^q
                                                                                              • API String ID: 0-1614139903
                                                                                              • Opcode ID: 8885bfa9d3317713de21115c3ff61ded65a213aa284723916e97e19038d0aceb
                                                                                              • Instruction ID: 62c90a600983c57049f1c77be9a3655631ca84c6e74b9c9c5280cc3c51d8a77e
                                                                                              • Opcode Fuzzy Hash: 8885bfa9d3317713de21115c3ff61ded65a213aa284723916e97e19038d0aceb
                                                                                              • Instruction Fuzzy Hash: 13318D306053459FC716EB78D820AAE7BE2EB81344B0049ADD0599B3B9CF71ED4A8BC1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009992B1 Relevance: .5, Instructions: 507COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e80a915e5cdc050db8333b4829c43d4f4c182b998458a52c6446c705d2235fe8
                                                                                              • Instruction ID: dad8e146e3245f5faf7a1c2740846d7ca8492c64bf48e26ae8571feec2d82dd6
                                                                                              • Opcode Fuzzy Hash: e80a915e5cdc050db8333b4829c43d4f4c182b998458a52c6446c705d2235fe8
                                                                                              • Instruction Fuzzy Hash: 1AE0D87150A3885FCB26DBB4D8110B97FF0DF1720470449DAE4C7DB267ED28AA068383
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0099927D Relevance: .5, Instructions: 478COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b4ab35d399b9f0b984a84115e2b263ecd380ac5034fbb4b699530e72ed14a3f
                                                                                              • Instruction ID: 3652afc861f0da890b59f9c10c3253e096f0bca69401d0f016164078a5e454e9
                                                                                              • Opcode Fuzzy Hash: 6b4ab35d399b9f0b984a84115e2b263ecd380ac5034fbb4b699530e72ed14a3f
                                                                                              • Instruction Fuzzy Hash: 6AF0E56560B3881FCF179BF898640AD3FA0DE67215701899BD4C7CB157ED249A074393
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00993DF0 Relevance: .1, Instructions: 114COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8a7918149724539a1a180e71d51230bc1a091b37c837851931b01dae686bd385
                                                                                              • Instruction ID: e137a549dccc399dad165bbdee4f71e04c71981094d86a6b9446e7c184b389c8
                                                                                              • Opcode Fuzzy Hash: 8a7918149724539a1a180e71d51230bc1a091b37c837851931b01dae686bd385
                                                                                              • Instruction Fuzzy Hash: 5341C330B103049FDB05AF78D825B6E7BAAAB84700F008469E109D73B9DB35AD4ADB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00993E00 Relevance: .1, Instructions: 108COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 80d0bf53298552979bdbd51a6f9200d844ca22db7ec8217197cf81685b84045e
                                                                                              • Instruction ID: 567e06ff9d0423903a6a215f75d410c50ee7778e6dd174cce30a0703e06d10e1
                                                                                              • Opcode Fuzzy Hash: 80d0bf53298552979bdbd51a6f9200d844ca22db7ec8217197cf81685b84045e
                                                                                              • Instruction Fuzzy Hash: FD318D30B103159FDB05AF78D825B6E7BAAAB84700F108469E109D73B8DF35AD4A9BD1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009997E0 Relevance: .1, Instructions: 89COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5b323d1b36fe6e1df60de90d92bfc9fcc77d108462923f495a4ab6522dc5604c
                                                                                              • Instruction ID: 6c1c8fffa4f0a392f14e6a20fb69c0c0fabf5107e88ff32f8d00deb6b5d5293d
                                                                                              • Opcode Fuzzy Hash: 5b323d1b36fe6e1df60de90d92bfc9fcc77d108462923f495a4ab6522dc5604c
                                                                                              • Instruction Fuzzy Hash: F021F775B047408FDB159B7DE9A49697BF5FB8634131100AED50ACB392CE30ED0ACBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990890 Relevance: .1, Instructions: 89COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a89b19ae42b521be1086ec33c882fcfe7665d0c05d88a5ec8ec9cad0fdbf9d12
                                                                                              • Instruction ID: b730a161b389a1141ef112e24ed5d170c6bc39bc3869722bf617201bdc93bef6
                                                                                              • Opcode Fuzzy Hash: a89b19ae42b521be1086ec33c882fcfe7665d0c05d88a5ec8ec9cad0fdbf9d12
                                                                                              • Instruction Fuzzy Hash: 68319CB19043489FDB14DFB9C849BEEBFF5EF89320F108469D129A7261D735A840CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990994 Relevance: .1, Instructions: 81COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e1facf0c0a6c3480b03a9ed0673bac760146fc5f6e08e8a4b29a335c5e71e1df
                                                                                              • Instruction ID: c2252bc6a4f99d84b61b649214168145c56c8d8d4b099dbc2da2e06fc082936d
                                                                                              • Opcode Fuzzy Hash: e1facf0c0a6c3480b03a9ed0673bac760146fc5f6e08e8a4b29a335c5e71e1df
                                                                                              • Instruction Fuzzy Hash: D73133B0D02248DFCB14CFA9C584BDDBFF5AF89300F24816AE448BB264C775A845CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009909A0 Relevance: .1, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c88b337ea21fdbfeb4a72470207561143880fbd0f9eeb73cba32b5d1c011b826
                                                                                              • Instruction ID: de000c55e3fc3231a3c98bec4eeb4df548f3b3a357ba5700289e7cddd481256b
                                                                                              • Opcode Fuzzy Hash: c88b337ea21fdbfeb4a72470207561143880fbd0f9eeb73cba32b5d1c011b826
                                                                                              • Instruction Fuzzy Hash: 4E31E1B0D02248DFDB14CF99D588BCDBFF5AF88310F24802AE418BB264DB75A945CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009997D1 Relevance: .1, Instructions: 73COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: faee8062d2d7e5c9bfc173f680459efc35645f6a46e801dc4be6c83cffb769dc
                                                                                              • Instruction ID: 204f4592abe0453b8e8c76c8df8b9453fabf677b185cfdf336dac170d70d2bcd
                                                                                              • Opcode Fuzzy Hash: faee8062d2d7e5c9bfc173f680459efc35645f6a46e801dc4be6c83cffb769dc
                                                                                              • Instruction Fuzzy Hash: B511C0717002008FDB149B7DE88086A7BB9FF85311710897DD019CB3A5DF30EC4587A2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00993CE9 Relevance: .1, Instructions: 65COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 042d6f04cefe4a67ff532c9f63a854ac65728cdd684cf2ef9a23be7aad8d847a
                                                                                              • Instruction ID: 67b72fc1efdb1ff3675213e8911c13e5b0339e8012ca9219e60ce8c0c762c3c2
                                                                                              • Opcode Fuzzy Hash: 042d6f04cefe4a67ff532c9f63a854ac65728cdd684cf2ef9a23be7aad8d847a
                                                                                              • Instruction Fuzzy Hash: 8721C530A0020A9FCB01EF78E8559AEBB71FF80340F104579D505E72B5EF30AA49CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00993CF8 Relevance: .1, Instructions: 52COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9e2bb88a1df943ebf638d675784a0b0202dfb28fe1fdbf7f88d7303a8d9d03c9
                                                                                              • Instruction ID: 4cd62777d9b25b07d5c6414bad4096dcc621c128c44fa172d9b93951023ef160
                                                                                              • Opcode Fuzzy Hash: 9e2bb88a1df943ebf638d675784a0b0202dfb28fe1fdbf7f88d7303a8d9d03c9
                                                                                              • Instruction Fuzzy Hash: CB111C34A0020A9FCB41EFA8E8559AEBBB5FF84340F104539D205E73B5DF30AA49DB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00997609 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e10df35816c39bf675d78f81889ea1645bcf1279ca47876348f13924b1b5b324
                                                                                              • Instruction ID: 72bd93929f6bb43daf61bd2766887e5c5ee7f409a35f40c7c3b4eb079e98115f
                                                                                              • Opcode Fuzzy Hash: e10df35816c39bf675d78f81889ea1645bcf1279ca47876348f13924b1b5b324
                                                                                              • Instruction Fuzzy Hash: 7B1125B5800259CFDB20DF99C988BDEFFF5EB59320F208419E459A7250C735A944CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009908F8 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 126dd8ef9369434d451b363670a6a52dabfb8485c83a9ba06ec5f9081b49830d
                                                                                              • Instruction ID: f580b4aaadd0ece3873b747c4d8a5b0ac048ed8aaa36c9e483a0b4f6dce84c2b
                                                                                              • Opcode Fuzzy Hash: 126dd8ef9369434d451b363670a6a52dabfb8485c83a9ba06ec5f9081b49830d
                                                                                              • Instruction Fuzzy Hash: 611125B58012488FDB20CFA9C485BDEFFF4EB88324F208459D459A7251C375A944CFA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990DE0 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 75ecb8985cb1d2b71c11fb27817ec0941b85366732d1955cfdaccaf6348b4e20
                                                                                              • Instruction ID: 33482c10eb3d57161b8c8dab7e5eacaba7f42d933c7a92eda334327d0ddb3da6
                                                                                              • Opcode Fuzzy Hash: 75ecb8985cb1d2b71c11fb27817ec0941b85366732d1955cfdaccaf6348b4e20
                                                                                              • Instruction Fuzzy Hash: 74115A712007009FC316EB299814AAA7BE6BB81355710496DD11A8B7A8DFB1FD4A8BC2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00993FF4 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 310ea3fda09d008a848136a0ab9fc6168b86cd4d2e282a6df25b24971ba06526
                                                                                              • Instruction ID: 6b9aa387cde907cb2867a7787394d54d18bab8c7bc727846b3a51bb34240d91b
                                                                                              • Opcode Fuzzy Hash: 310ea3fda09d008a848136a0ab9fc6168b86cd4d2e282a6df25b24971ba06526
                                                                                              • Instruction Fuzzy Hash: CA11FDB59042489FCB20DF99C488BDEBBF4EB48320F208829E959A7250C775A944CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009996B8 Relevance: .0, Instructions: 47COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4974065d3a76b26b6fffc4fadbf5816b0f93d92ffcc32957bba9160722ccbb0f
                                                                                              • Instruction ID: 4594e546cfac68bb53bfde8f79810906f89bccaf87d1f426a7ab03044ee6aea6
                                                                                              • Opcode Fuzzy Hash: 4974065d3a76b26b6fffc4fadbf5816b0f93d92ffcc32957bba9160722ccbb0f
                                                                                              • Instruction Fuzzy Hash: C8F0A435A4A3445FCB269BB8A8240AD7FB4DB5B21530444EAE48BCB653ED399D038792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990900 Relevance: .0, Instructions: 44COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b2b2346aa650d51edae28dd6aca47c27752000eeb3115423141fff8533a869e6
                                                                                              • Instruction ID: 35da9410cd8e0ab7971f5a00be627042965990cff3f7384f5ea198b659e1ada0
                                                                                              • Opcode Fuzzy Hash: b2b2346aa650d51edae28dd6aca47c27752000eeb3115423141fff8533a869e6
                                                                                              • Instruction Fuzzy Hash: E31100B59003498FDB20DFAAC588BDEFBF8EB48324F208419D469A7251C375A944CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00999031 Relevance: .0, Instructions: 43COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1b0cf69c046678a3d7f8cdef410ced7aa18ca00a3e1f57d3d3ace84ae33ebe4e
                                                                                              • Instruction ID: 0797ac984b7e98ac944838164bda401e4daba12b5ffbb375e2dd25a8cd3ef2ab
                                                                                              • Opcode Fuzzy Hash: 1b0cf69c046678a3d7f8cdef410ced7aa18ca00a3e1f57d3d3ace84ae33ebe4e
                                                                                              • Instruction Fuzzy Hash: E2015A747092558FDB02EB3CC544619BBE1AF86320F024AADD4E68F3A5D735AC41CB82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990880 Relevance: .0, Instructions: 42COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cdd54684e1e7b67827a983bbd1849b905023cdeb0a401115f95d7ac412e23578
                                                                                              • Instruction ID: 366722ca938253cd16ce97193b6b2e18775f2eb67db9879c4ddf9b1c1d281262
                                                                                              • Opcode Fuzzy Hash: cdd54684e1e7b67827a983bbd1849b905023cdeb0a401115f95d7ac412e23578
                                                                                              • Instruction Fuzzy Hash: DDF04C716483406FDF09AB788C16AEE3F72DFC6310F1446EEE014DB2A2DA3244528740
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 009996F0 Relevance: .0, Instructions: 33COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fc413586ac330391adf76f34b565ef65e5bed1ad345ed73620898e09da6fc4c0
                                                                                              • Instruction ID: e150b391555312578ad4b56ba4ac90f8ad3ad74484a9c3341f8bf15ef1d23d30
                                                                                              • Opcode Fuzzy Hash: fc413586ac330391adf76f34b565ef65e5bed1ad345ed73620898e09da6fc4c0
                                                                                              • Instruction Fuzzy Hash: CAE022663011510FE765A63CB8021692BC1DBC2300B0001AAE906CB3A8EE24ED4343C2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990EA0 Relevance: .0, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1f2d08bccb6a76a05ccfc7ffa234d6bffa077e644ac9f0c1dc9da3753e9b7dc4
                                                                                              • Instruction ID: b4cb62b0b06a7fc5e51b8c70149b2aebb63e323958d17858f0644dab91dfdf02
                                                                                              • Opcode Fuzzy Hash: 1f2d08bccb6a76a05ccfc7ffa234d6bffa077e644ac9f0c1dc9da3753e9b7dc4
                                                                                              • Instruction Fuzzy Hash: 7DF05531A093008FC7155BBCA8201B97BE2EAC13A034009BED01DCF2B8DB64E94BD3C1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00999688 Relevance: .0, Instructions: 16COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1d11fe8cd942447120ec0233abe0e3f84071345b54940176a9f3c8f5bb89494f
                                                                                              • Instruction ID: ec1a973381213a6f417e68e83116967dd401a0e0cdb53fba8f6e21a135c39564
                                                                                              • Opcode Fuzzy Hash: 1d11fe8cd942447120ec0233abe0e3f84071345b54940176a9f3c8f5bb89494f
                                                                                              • Instruction Fuzzy Hash: CBD0A7316402085BCB24EFF4981006E7BD9DB442107004969D44BC7204EE35EE4047D2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990839 Relevance: .0, Instructions: 16COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6ce45e7eb644add211f5a16efb0a6ecf6c6563498d253df96f7a2b2e762588e3
                                                                                              • Instruction ID: a217bab2ab0eae28e05038f849a7eccf87e4b7d332173737815e2e0d97f0d21c
                                                                                              • Opcode Fuzzy Hash: 6ce45e7eb644add211f5a16efb0a6ecf6c6563498d253df96f7a2b2e762588e3
                                                                                              • Instruction Fuzzy Hash: 7BE08C700482848ECB12EB28FC59F497FA0EB11344F0542E9C0480B23BC3B0611EABC1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00990848 Relevance: .0, Instructions: 12COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.2005195812.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_990000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6d6ae1cc241acdd3d6e1c7603aa90c2225ef480a7481c714c412f9375b8e0030
                                                                                              • Instruction ID: 1f5c914d18785013c2f7fe67258b800afd7309413f45ecda3ff348dec20f3955
                                                                                              • Opcode Fuzzy Hash: 6d6ae1cc241acdd3d6e1c7603aa90c2225ef480a7481c714c412f9375b8e0030
                                                                                              • Instruction Fuzzy Hash: E6D0C9B11583898ECB52EB28FD59B057F99F750308F0105A8D10C0B33AD7B5B55EABD5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              Function 00E781A1 Relevance: 1.7, Strings: 1, Instructions: 464COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: 849a8f125c18283f7d6d77f2e74dd68f4a4bfd8bf0b117377903594aea22bd2d
                                                                                              • Instruction ID: ef9787ece6e3f391abfe1ffd40d336bf489b3d24e1a31bbd7d757b9ed75a8e1f
                                                                                              • Opcode Fuzzy Hash: 849a8f125c18283f7d6d77f2e74dd68f4a4bfd8bf0b117377903594aea22bd2d
                                                                                              • Instruction Fuzzy Hash: 31223F75A0021ACFDB25EF24DD94BA9B7B2FF48300F1085A9E509A73A5DB359D86CF40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E78424 Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: 56d0ecb4a774274ef202f4800b6a4cc50888febf4022b292bdb528814b4d73a3
                                                                                              • Instruction ID: 32741007ca89dac038947a888c93b3bfc6d3efd0643090ab8f2aee8984122ac6
                                                                                              • Opcode Fuzzy Hash: 56d0ecb4a774274ef202f4800b6a4cc50888febf4022b292bdb528814b4d73a3
                                                                                              • Instruction Fuzzy Hash: 8CE10775A00219CFDB25EF74D988BA9B7B2FF48304F1080A9E409A73A5DB359D86CF40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E776A9 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: 3b942e815555cb25b11c2e627a8a6c181b0876b2d49609d6c16ac332172d8fab
                                                                                              • Instruction ID: c195287aeba099b4f309313f835b5dcce6e207cafbb1a91f32e551b51300f91b
                                                                                              • Opcode Fuzzy Hash: 3b942e815555cb25b11c2e627a8a6c181b0876b2d49609d6c16ac332172d8fab
                                                                                              • Instruction Fuzzy Hash: D751BC3564094B8FCB06FF6CEA85989BBB1FB44304B109669D0059B36DEB70A94FCF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E776B8 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: 7756a6ab582a62cae15e8ee89a8eac876aeeca5360394783ebf8fee5712a18e0
                                                                                              • Instruction ID: 07f460027b3b917739d5867be54f7706dc2654f7b3bcb1108416bd60c4b6563c
                                                                                              • Opcode Fuzzy Hash: 7756a6ab582a62cae15e8ee89a8eac876aeeca5360394783ebf8fee5712a18e0
                                                                                              • Instruction Fuzzy Hash: 6B51CB3560094B8FCB06FF6CF98594ABBB1FB443047009669D0059B26DEB70A94FCF80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E792B9 Relevance: .5, Instructions: 503COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3cd4c2e63d64fe4568b29cf8eb296a1830bf364bfb6f092cb3895aec74f03c9d
                                                                                              • Instruction ID: 4b36b959bba1d7458a1e1debdcb2c0f9aaf41043e46644d53bf105490bb4ebf5
                                                                                              • Opcode Fuzzy Hash: 3cd4c2e63d64fe4568b29cf8eb296a1830bf364bfb6f092cb3895aec74f03c9d
                                                                                              • Instruction Fuzzy Hash: F4E04F3154A3886FC721EBB4A821269BFF8DF46104F0449DBD486C7267DE289A158752
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E79285 Relevance: .5, Instructions: 474COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9ac738413d69829baf1cb97579d5c2f49b6e493cf43c876d72158017d935ee80
                                                                                              • Instruction ID: 9cff2336a1cc2feaea7b6e9f274e53d6b7243d33ce69a29559f9fe94cb75a316
                                                                                              • Opcode Fuzzy Hash: 9ac738413d69829baf1cb97579d5c2f49b6e493cf43c876d72158017d935ee80
                                                                                              • Instruction Fuzzy Hash: 68E0E57160A3885BCB12E7F4682026DBFA89F52104B0049DBD48587157EE248A0143A2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E73DF0 Relevance: .1, Instructions: 112COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ff2362e0f8e12100e59b8349401eb3d6044da3a56b4860b6cc2ce827aeb15614
                                                                                              • Instruction ID: 149f635b6ad5fe5d0f9cd25e95a81b23d73f0f96fc452933a3e461f425343c3c
                                                                                              • Opcode Fuzzy Hash: ff2362e0f8e12100e59b8349401eb3d6044da3a56b4860b6cc2ce827aeb15614
                                                                                              • Instruction Fuzzy Hash: B141C231B10205DFDB55BB78D90576E7BAAEB85700F008469E409E73A8CF399D4A8BA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E73E00 Relevance: .1, Instructions: 108COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bbd5367a31957841480fb2350a1ccf6819260ee2c0b4088f361a5cced0291ccc
                                                                                              • Instruction ID: 4f803b07db3e5a77e0d010320ded7543f733dc7844db1b6dfebe0bbcfcec6ba5
                                                                                              • Opcode Fuzzy Hash: bbd5367a31957841480fb2350a1ccf6819260ee2c0b4088f361a5cced0291ccc
                                                                                              • Instruction Fuzzy Hash: D031C231B10205DFDB58BB78D90576F7BAAEB84700F008429E009E33A8CF359D4A8BA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E70890 Relevance: .1, Instructions: 89COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 743ac72cdbb704391d3b8afab2649c6425cc10e53ef00abe20ddfe9659e83825
                                                                                              • Instruction ID: f7f0884b28f6b88b05d0896756464844301585a2e4dcda2405a7dc48728b817d
                                                                                              • Opcode Fuzzy Hash: 743ac72cdbb704391d3b8afab2649c6425cc10e53ef00abe20ddfe9659e83825
                                                                                              • Instruction Fuzzy Hash: 9431ACB1900308DFDB14DFA9D84579EBFF5EF88324F20846AE119B72A1C735A940CBA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E797E8 Relevance: .1, Instructions: 83COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a3eb9176c312f289bd659bc516ebd190b4bcb43b3126af5cd047d19ed4156e2c
                                                                                              • Instruction ID: fd082e083dbb755de331a9c21a0e573846dec480bbf086df5dc837d500eafa20
                                                                                              • Opcode Fuzzy Hash: a3eb9176c312f289bd659bc516ebd190b4bcb43b3126af5cd047d19ed4156e2c
                                                                                              • Instruction Fuzzy Hash: D421F7317046108FD708EB78E9856597BF5FF8630571051A9D519E73A6CB30EC05CBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E70994 Relevance: .1, Instructions: 80COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 14835323ae98390ff76733a043cfe0ed8b3767202fa8671344838ad7485deab9
                                                                                              • Instruction ID: 2f723729f3b8b0783ee812118ca700764e979224a67f90fef22c76c88c13b26f
                                                                                              • Opcode Fuzzy Hash: 14835323ae98390ff76733a043cfe0ed8b3767202fa8671344838ad7485deab9
                                                                                              • Instruction Fuzzy Hash: EF31F0B0D01248DFDB14CFA9D584BCEBFF5AF48314F20902AE409BB264DB75A945CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E709A0 Relevance: .1, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 81e64a0edf418ebad02743533259166e092234c109755f4de23801b1ae681ebc
                                                                                              • Instruction ID: 439f4de3dad043cbca0bafd8ff3d659874f263f5bb63ff42e5136c68a9bb40f6
                                                                                              • Opcode Fuzzy Hash: 81e64a0edf418ebad02743533259166e092234c109755f4de23801b1ae681ebc
                                                                                              • Instruction Fuzzy Hash: 1731EFB0D01248DFDB24CFA9D584BCEBFF5AF48314F24802AE409BB264DB75A945CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E73CE9 Relevance: .1, Instructions: 56COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e197a5c95fd32951599e23301b02a5b899b7c6103ca56e38c3722d360881c9f9
                                                                                              • Instruction ID: c5f2730a6f350bd73328a5a95e86cd90541434c998ba1155389d089ff33f52b1
                                                                                              • Opcode Fuzzy Hash: e197a5c95fd32951599e23301b02a5b899b7c6103ca56e38c3722d360881c9f9
                                                                                              • Instruction Fuzzy Hash: F0215C3490010B9FCF05FBA8E9525ADBBB1EF84310F404569D115B73A5DF70AA8ACBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E73CF8 Relevance: .1, Instructions: 52COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f96ac75c133995acee35b74139ff0abc394b80585c5f31d0639378f4cf808f8d
                                                                                              • Instruction ID: d6dfe3d9e9a2e3d702ffe105edb8c8fa7c3e147250fc1e9c8d4c085bffba7b43
                                                                                              • Opcode Fuzzy Hash: f96ac75c133995acee35b74139ff0abc394b80585c5f31d0639378f4cf808f8d
                                                                                              • Instruction Fuzzy Hash: 6C115E3490010B9FCF04FBA8E9565AEBBB1EF84310F405568D115B73A5DF70AA8ACB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E797D9 Relevance: .0, Instructions: 50COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5981fe04ddaacd052c0226570ffd3ee54a1efcafb0cf7f5b4364a8c39a804a88
                                                                                              • Instruction ID: 11bf20d8ffee3cb6614d7d6e441975e4d62053b54b4c5acd91bec2c699d71331
                                                                                              • Opcode Fuzzy Hash: 5981fe04ddaacd052c0226570ffd3ee54a1efcafb0cf7f5b4364a8c39a804a88
                                                                                              • Instruction Fuzzy Hash: 510192717042109FE7189F69ED94929BBF8FF8A714714856AE518D7352CA20EC048BA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E7407C Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0d08eeaf97fb380adeed898c8905cff7701cc9148a9825c9c5df304b6af07500
                                                                                              • Instruction ID: d8663162549533b7a3dba59f2eb82999a5ab81006944981edb0f1ecb5f6916ad
                                                                                              • Opcode Fuzzy Hash: 0d08eeaf97fb380adeed898c8905cff7701cc9148a9825c9c5df304b6af07500
                                                                                              • Instruction Fuzzy Hash: 321113B59042488FCB20DF99D448BDEBFF4FB48320F208429E459B7254C775A944CFA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E708F8 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0f58243ff0f24bc2a98bb250fc552858269820407f0a684b434e2e47100de941
                                                                                              • Instruction ID: 3d9b0e7870e339e0effeeecdc6e2d307c3cc819871f98ff4cb2059e5bdc4551a
                                                                                              • Opcode Fuzzy Hash: 0f58243ff0f24bc2a98bb250fc552858269820407f0a684b434e2e47100de941
                                                                                              • Instruction Fuzzy Hash: 251122B1900349CFDB20DF9AC485BDEBBF4EB88324F208419D559A7351C375A944CFA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E70DE0 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 63cf1f8b65a47337315e07b3586b81c6a339001247d9747dd82ce7cd46170964
                                                                                              • Instruction ID: 38163d0c6ea5e1ab31ae3126a03b384653d5f24d047b11a7bc4a79f9e1f95171
                                                                                              • Opcode Fuzzy Hash: 63cf1f8b65a47337315e07b3586b81c6a339001247d9747dd82ce7cd46170964
                                                                                              • Instruction Fuzzy Hash: D3119A722007019FC319EB39980069B7BE6EB813147008D2DD0199B7A8DFB5ED8A8BC1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E77608 Relevance: .0, Instructions: 48COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ff5a2797f40335b91c05edddaa648c5a07a66c461e99c1e0aba55ed4e4c982b
                                                                                              • Instruction ID: 98a439c1216dca1b4421bf9f9435243f34a8dd2510f799822373e477d49fe591
                                                                                              • Opcode Fuzzy Hash: 4ff5a2797f40335b91c05edddaa648c5a07a66c461e99c1e0aba55ed4e4c982b
                                                                                              • Instruction Fuzzy Hash: C11125B58002499FCB20DF9AD844BDEBFF4FF58320F20841AE459A7250C779AA44CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E778FF Relevance: .0, Instructions: 44COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 18f1217b825f3c8de141e3e5eeb134158c74808e5f1199c753ec17277ab8a1f5
                                                                                              • Instruction ID: 37870643cf56228b147bdd06dea827c3730d1d18ca9ccc369cc319e6ac97c7c0
                                                                                              • Opcode Fuzzy Hash: 18f1217b825f3c8de141e3e5eeb134158c74808e5f1199c753ec17277ab8a1f5
                                                                                              • Instruction Fuzzy Hash: 64018F307092158FCB00EB3CDA5475D7BE1AF8A710F41496DE0D99B3A4DB34AD45CB82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E70900 Relevance: .0, Instructions: 44COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 51ad1e7f651836bf2dab23748e4b92e67c888f670b3717c4d9e02f5e29604c7e
                                                                                              • Instruction ID: faa765963cab0f456505b55b9714431adff95b5161d038aaade10b5fcebbda0a
                                                                                              • Opcode Fuzzy Hash: 51ad1e7f651836bf2dab23748e4b92e67c888f670b3717c4d9e02f5e29604c7e
                                                                                              • Instruction Fuzzy Hash: 5F1100B5900249CFDB20DFAAC484BDEBBF4EB88324F20841AD559A7255C379A944CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E70EA0 Relevance: .0, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 20ebdcab1490a5107ccab129cb1b79768a5ba19509a2575132aa7b53ddfdc844
                                                                                              • Instruction ID: fd06fec85443c24fbb1f822c2f5934ac29ef38c9a7e48662647cf380024a245f
                                                                                              • Opcode Fuzzy Hash: 20ebdcab1490a5107ccab129cb1b79768a5ba19509a2575132aa7b53ddfdc844
                                                                                              • Instruction Fuzzy Hash: 8EF05C72305210CFC7195F38A8110A93BA2FAC134130089BAD049CF264DB64CC47C381
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E796C0 Relevance: .0, Instructions: 20COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a3f2735f7d4ca627e8e4995035db34a79439d26a3d7720a7120a6c2893570a68
                                                                                              • Instruction ID: f3c639f58b211ab190c9db18166cf34b53af1b6cd5588804a60e55f870fab510
                                                                                              • Opcode Fuzzy Hash: a3f2735f7d4ca627e8e4995035db34a79439d26a3d7720a7120a6c2893570a68
                                                                                              • Instruction Fuzzy Hash: 36E0863460B3848FC7152FB87014079BFBAEF4721270420F6E446C7663DD698C11C740
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E79690 Relevance: .0, Instructions: 16COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a2560d8f128189af7b074c57a6c319a7ba00bc97b50c5fae74913766343ed92c
                                                                                              • Instruction ID: 0e1dc4ae15f502a731a67ae5edefea952c710228b12d3e320180ad71b559aa1a
                                                                                              • Opcode Fuzzy Hash: a2560d8f128189af7b074c57a6c319a7ba00bc97b50c5fae74913766343ed92c
                                                                                              • Instruction Fuzzy Hash: 01D0A73164020C5BCB14FFB4941016EFAD9DF44100B004999944AC7214ED35DE010792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00E70848 Relevance: .0, Instructions: 12COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000007.00000002.2088846969.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_7_2_e70000_226dVJ2zRZ.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b14d88cdaa4a786c5cce6e621219d0b72690774ca75916775d8d485515ff0fc0
                                                                                              • Instruction ID: 4a55ec43cbe5b561863604fe4a289d94c1288c6eb9cc52e114c7086cc597ea00
                                                                                              • Opcode Fuzzy Hash: b14d88cdaa4a786c5cce6e621219d0b72690774ca75916775d8d485515ff0fc0
                                                                                              • Instruction Fuzzy Hash: 33D05E7100064A8ECB61FB19FC057027F54E301204F004150D0041B2B9C7A4541E8BD0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              Function 00F981AF Relevance: 1.7, Strings: 1, Instructions: 451COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: 3dd228594cc5a659182db1d8dca0fb0cdcb2ae725a4ecc3ab090a3040c0c1951
                                                                                              • Instruction ID: 4da53a523615b8c2cf0b514350ddfa446e907fd7bfe6235e1fc15c147f655ddc
                                                                                              • Opcode Fuzzy Hash: 3dd228594cc5a659182db1d8dca0fb0cdcb2ae725a4ecc3ab090a3040c0c1951
                                                                                              • Instruction Fuzzy Hash: E2224774A14218CFDB15EF20DD94BA97BB2FB48301F1081A9E909AB3A9DF359D81DF40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F98424 Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: dbq
                                                                                              • API String ID: 0-1887291361
                                                                                              • Opcode ID: ba250a4e6852c59abd707531ebed3cccd4b2288fb35e9aa6629766ae9c17256a
                                                                                              • Instruction ID: 75373fb04d19fa68b84c2a8127994f1c4f49d53fbf49264c92f75c23aff1066f
                                                                                              • Opcode Fuzzy Hash: ba250a4e6852c59abd707531ebed3cccd4b2288fb35e9aa6629766ae9c17256a
                                                                                              • Instruction Fuzzy Hash: 4FE11774A10258CFDB15EF74D984BA9B7B2FF48305F1080A9D809AB3A9DB359D81DF40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F97729 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: b57630a4034f926307ef3d90d38a05d8268d72346657fcb21eeac9fd1361e7c8
                                                                                              • Instruction ID: 20506c55943848a87068dfcea6db6a9de17ccbabc79c6a527b85ee7809d85884
                                                                                              • Opcode Fuzzy Hash: b57630a4034f926307ef3d90d38a05d8268d72346657fcb21eeac9fd1361e7c8
                                                                                              • Instruction Fuzzy Hash: BC51CD74668286CFCB02FF69FA849997BB1FB44304B008665D4098F36FDB74A949DF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F97738 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: 59c18112fc7b6435069639533f8503221eebcc9e010d82b3acf0932a0fc0c4fe
                                                                                              • Instruction ID: 1b6921a4f6ac9bbb12011ec933f7f1424cb4dbfaa934faf5ad0f258c58d30d4f
                                                                                              • Opcode Fuzzy Hash: 59c18112fc7b6435069639533f8503221eebcc9e010d82b3acf0932a0fc0c4fe
                                                                                              • Instruction Fuzzy Hash: 9F51BD74668286CFCB02FF69FA849997BB1FB44304B008665D4098F36FDB74A949DF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F97737 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Te^q
                                                                                              • API String ID: 0-671973202
                                                                                              • Opcode ID: 5f859041cfb01d2c1000291423244364644230546fbf7fde40f9b4a4d61db43e
                                                                                              • Instruction ID: bc2b13f4767cf3ceeb255f3785b88849c676ba9c68db7399f9572bb9687e25d7
                                                                                              • Opcode Fuzzy Hash: 5f859041cfb01d2c1000291423244364644230546fbf7fde40f9b4a4d61db43e
                                                                                              • Instruction Fuzzy Hash: E551BC74668286CFCB02FF69FA849997BB1FB44304B008665D4098F36FDB74A949DF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90DCF Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'^q
                                                                                              • API String ID: 0-1614139903
                                                                                              • Opcode ID: bfc511661f22db0d262b2bf6d692dc470766dc1eff41573b6e8274c9dd8c637e
                                                                                              • Instruction ID: bde174d2d25360b198e0db8c346706a4a19c0c5b20f38b763a7b9aef096d4e75
                                                                                              • Opcode Fuzzy Hash: bfc511661f22db0d262b2bf6d692dc470766dc1eff41573b6e8274c9dd8c637e
                                                                                              • Instruction Fuzzy Hash: 6E31AD306042459FC705FB78E9456AE7BE2FF81304B008AA9D0599F3A9DF75ED4ACB81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F992B9 Relevance: .5, Instructions: 503COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d38883223459a86e724bfcc0814498d608f5f89a6021606414448579c2252ff6
                                                                                              • Instruction ID: 7a475deff9aacb87a2256cf366523cc2610c39f5c69c3620036ce9e3d7e6de58
                                                                                              • Opcode Fuzzy Hash: d38883223459a86e724bfcc0814498d608f5f89a6021606414448579c2252ff6
                                                                                              • Instruction Fuzzy Hash: 7BE026326092045FDF15DFB4C8111B97FE4DF42204711099DD08BC7258ED369B015342
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F99285 Relevance: .5, Instructions: 479COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4208f95d67aeca814e36f3f2636b376ff2ffb86b7b4137f433490c64e44c38f9
                                                                                              • Instruction ID: e03ed3e5c73e1ff652286c3499d62a82fc9e62fc12c2b0504fd53b16425d8b4c
                                                                                              • Opcode Fuzzy Hash: 4208f95d67aeca814e36f3f2636b376ff2ffb86b7b4137f433490c64e44c38f9
                                                                                              • Instruction Fuzzy Hash: E1E0A271A0E3080FEF12ABF884240FD3FE0DF62204312089EC0CACB18AE8208E024383
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F93DF0 Relevance: .1, Instructions: 112COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c73cb4708e8e036daed07b767db55e0c9a7df4525e59debc16eea003d0b9fe47
                                                                                              • Instruction ID: 8c3da68874a48e609088911f10d75c71438b78d4bf9cb595c487ea74ce76a7c6
                                                                                              • Opcode Fuzzy Hash: c73cb4708e8e036daed07b767db55e0c9a7df4525e59debc16eea003d0b9fe47
                                                                                              • Instruction Fuzzy Hash: AD41D334B102049FDF05FB74D85577E3BAAAB84700F008469E54AD73A8CF399D46DB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F93DFF Relevance: .1, Instructions: 108COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 891cc187a79d66c9158d8219e217e005b728e43a21a009fc7e08ae978fb7d09d
                                                                                              • Instruction ID: 5719c0e8f399d9c9360885c3272d35409ce55719d34a55eff84daf24ce6e882a
                                                                                              • Opcode Fuzzy Hash: 891cc187a79d66c9158d8219e217e005b728e43a21a009fc7e08ae978fb7d09d
                                                                                              • Instruction Fuzzy Hash: 9931C034B102049FDB05FB78D95577E3BAAAB84700F008469E54AD73A8CF399D46DB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F93E00 Relevance: .1, Instructions: 108COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fcdc8cfae622fcce389339b8aaf5ad84f645d44ec021309bfbf5e6a911d011f8
                                                                                              • Instruction ID: a635ac1b4d75360f51839748618528807b2e1dd4eef889b0ea670859c21196f4
                                                                                              • Opcode Fuzzy Hash: fcdc8cfae622fcce389339b8aaf5ad84f645d44ec021309bfbf5e6a911d011f8
                                                                                              • Instruction Fuzzy Hash: 1D31D234B102049FDB05FF78D95576E3BAAAB84700F008468E549D73A8CF399D46DBD1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90890 Relevance: .1, Instructions: 88COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 196cc47dcf11372a291e93a570eed092ebef15ea555e5cac109922dd6eb7b1a0
                                                                                              • Instruction ID: ff349d426aa53a9f57527c78d63c1330c16be1d538053353187e760d1edb06a3
                                                                                              • Opcode Fuzzy Hash: 196cc47dcf11372a291e93a570eed092ebef15ea555e5cac109922dd6eb7b1a0
                                                                                              • Instruction Fuzzy Hash: C6318BB19003489FDF14EFB9C8457AEBFF5EF88320F108469D159A72A1CB35A840CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F997E8 Relevance: .1, Instructions: 82COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a381f3ea0f4e55085df0a834427656c392d6858ee29f289414e683f6469840e9
                                                                                              • Instruction ID: bdd9a30350c681c9dee876b99a9efb79a91c7262117328aee0c7c65c22c89788
                                                                                              • Opcode Fuzzy Hash: a381f3ea0f4e55085df0a834427656c392d6858ee29f289414e683f6469840e9
                                                                                              • Instruction Fuzzy Hash: 1A21C775B082408FEB15AB7DE8945297BF5EB8631035204ADD509CB392CA75DC05DB62
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90994 Relevance: .1, Instructions: 78COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 60338a31f3481588dc52b0cd646fb44f958de55f45068de77732b695092da019
                                                                                              • Instruction ID: 94e7553345ec5aad234b5ccc7711f8703262057a92d70032be5cdb3ddeb87dab
                                                                                              • Opcode Fuzzy Hash: 60338a31f3481588dc52b0cd646fb44f958de55f45068de77732b695092da019
                                                                                              • Instruction Fuzzy Hash: 6B311DB0D012489FDB14CFA9C184BDDBFF1AF49310F24806AE449AB265CBB9A845CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F909A0 Relevance: .1, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 209214da8106195afd95ac685bc8be8fec9e4097c076fa733f07c51992399c68
                                                                                              • Instruction ID: 11642bd3f374d55d49534f245303866f78802d1c4d5d47ec45301b7a576ced2d
                                                                                              • Opcode Fuzzy Hash: 209214da8106195afd95ac685bc8be8fec9e4097c076fa733f07c51992399c68
                                                                                              • Instruction Fuzzy Hash: F331EFB0D01248DFDB14DFA9D584BCDBFF5AF48310F24802AE408BB264CB79A945CBA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F996C0 Relevance: .1, Instructions: 70COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 801141334701a0c0570538d0f5359fd935c2dcdd40acc0f13ce70bc03bf836d5
                                                                                              • Instruction ID: 10d9485fafb46963afd7e1cc9019b62dafc8c715802f082f450a6c9fcaaae05b
                                                                                              • Opcode Fuzzy Hash: 801141334701a0c0570538d0f5359fd935c2dcdd40acc0f13ce70bc03bf836d5
                                                                                              • Instruction Fuzzy Hash: 22F02871A0A3408FDF05AFF895140AC3FA4DF4721531604EED44EC7266E976CE029782
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F93CE9 Relevance: .1, Instructions: 57COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d15ea69ea3e99e29cb7352b6f34fc45c8b8433e63847390c41cbab3e927772ce
                                                                                              • Instruction ID: 1c3aa1d7a75ef9373bc37216662dc7c0b663fa6c036564eb4fd0ec85df2e5dd1
                                                                                              • Opcode Fuzzy Hash: d15ea69ea3e99e29cb7352b6f34fc45c8b8433e63847390c41cbab3e927772ce
                                                                                              • Instruction Fuzzy Hash: EA21603490014A9FCF01EBA8E9955ADBBB1FF84300F40457AD109AB3A6DF30AA49DB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F93CF8 Relevance: .1, Instructions: 52COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9b0f93da833e0cd82c13de0e41c2e89856a24a922d6488193107bd4b8fa2e00f
                                                                                              • Instruction ID: 590686315d9e15a33b5b53e7c4411baf4f56c57700fd97d4149a017ec707e1a3
                                                                                              • Opcode Fuzzy Hash: 9b0f93da833e0cd82c13de0e41c2e89856a24a922d6488193107bd4b8fa2e00f
                                                                                              • Instruction Fuzzy Hash: 1C115E3490014A9FCB00FBA8E9955AEBBB1FF84300F404579D109AB3A6DF34AA49DB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F997D9 Relevance: .0, Instructions: 50COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f510d24817ff732a2b9b1e3ece63865ecedb00bb8c860af1abee65927376fdc5
                                                                                              • Instruction ID: 93f8ff3deb9c8fe5129ad481e1f616d609ca548a6e65d8366f024222ded700bb
                                                                                              • Opcode Fuzzy Hash: f510d24817ff732a2b9b1e3ece63865ecedb00bb8c860af1abee65927376fdc5
                                                                                              • Instruction Fuzzy Hash: C501D272B082119FEF14DF69E8C492977B4FB4A72132204AEE418C7351CBB1EC04DBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90DE0 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9da5895eee7dbe3989188a25ddd42a3efb430ae171864dbd954375c02a730d34
                                                                                              • Instruction ID: c13df55eddd88679ad4c699d67f0aefbceeee0899cdaf33453a5bb1b15f7475b
                                                                                              • Opcode Fuzzy Hash: 9da5895eee7dbe3989188a25ddd42a3efb430ae171864dbd954375c02a730d34
                                                                                              • Instruction Fuzzy Hash: 1E11AC712003009FC314FB29D5056AA7BE6BB803187408A3DC0198F3A8DFB9ED498FC1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F93FF4 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a18b155e432f51895487cc3ec7b88e63397e6d35d4a5f02a3880548143469e4b
                                                                                              • Instruction ID: 0fad144d46781661c021ed90c4934919aa9571fe295c067e794242adabd47539
                                                                                              • Opcode Fuzzy Hash: a18b155e432f51895487cc3ec7b88e63397e6d35d4a5f02a3880548143469e4b
                                                                                              • Instruction Fuzzy Hash: 321113B59043488FDB20DF99C448BDEBFF4EB48320F208419E959A7251C775A944CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F9760F Relevance: .0, Instructions: 46COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b246159c022439398f4165dac3c11aea2dd800e5239e7ef45fcce4008133dc8c
                                                                                              • Instruction ID: 9d56b81b84f0afe3df554a9276a8609af55f3d8ba39ea97255a74bd9311a638e
                                                                                              • Opcode Fuzzy Hash: b246159c022439398f4165dac3c11aea2dd800e5239e7ef45fcce4008133dc8c
                                                                                              • Instruction Fuzzy Hash: 3611F2B59003498FDB20DF99D448BDEBFF4EB48324F208419E559A7250C775A944CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F908F8 Relevance: .0, Instructions: 46COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 378b8e1b74d799f01975021bfeeae7cdab375a890a69bc0774acd554cab504b6
                                                                                              • Instruction ID: 50c55822b732f3fe8c98a2449761e7b26a980cbae936b5077547e57a0bac08e5
                                                                                              • Opcode Fuzzy Hash: 378b8e1b74d799f01975021bfeeae7cdab375a890a69bc0774acd554cab504b6
                                                                                              • Instruction Fuzzy Hash: 4F1122B59002498FDB20DFAAC488BDEBFF0EB48324F20845AD459A7351C779A944CFA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90900 Relevance: .0, Instructions: 44COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 724d2758ee208240262df3337fb819003d13634afe9f3ddb9b15cd846bb200f6
                                                                                              • Instruction ID: 180c27bd605d38a4734895a3db7fd0e8233376745b6a2654385d937618ba871f
                                                                                              • Opcode Fuzzy Hash: 724d2758ee208240262df3337fb819003d13634afe9f3ddb9b15cd846bb200f6
                                                                                              • Instruction Fuzzy Hash: 181100B59002498FDB20DFAAC444BDEBBF4EB48324F208419D559A7351C779A984CFA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F976A8 Relevance: .0, Instructions: 43COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8ea1e1c43d7f71c546e1ab78e6aaddb94ad2b2f544e5bd1d9962723e27aa18c5
                                                                                              • Instruction ID: 74444b127bc1bd06e22e164f3610cc525f5b9cdea78f8be4a24d58dc963fd868
                                                                                              • Opcode Fuzzy Hash: 8ea1e1c43d7f71c546e1ab78e6aaddb94ad2b2f544e5bd1d9962723e27aa18c5
                                                                                              • Instruction Fuzzy Hash: B7018B35B1C305CFDF01EB2CD254219BBE1AF89320F41086AD486CB350DB30EC419B92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90880 Relevance: .0, Instructions: 41COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 22124b669f86dfadebf609e992466b3092356756ca245b8bfcdbda9ad7d282ae
                                                                                              • Instruction ID: b9d8462eb488d32777717d7db8c12fcfd5cfbd99508ec3c8b1178a918ef0e293
                                                                                              • Opcode Fuzzy Hash: 22124b669f86dfadebf609e992466b3092356756ca245b8bfcdbda9ad7d282ae
                                                                                              • Instruction Fuzzy Hash: 6CF0FC71608344AFEF09ABB08C165BE3FB2EF82310F1485EED145DB1A2DD764452E740
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90EA0 Relevance: .0, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8f94d466446c31f596ed3b772b2bd3cc55e0a36d9b645ae5b4fbd036b1518055
                                                                                              • Instruction ID: febfb657ee0acaa75929debbf072770eb27bf7d60379dc8d121f74085def04d1
                                                                                              • Opcode Fuzzy Hash: 8f94d466446c31f596ed3b772b2bd3cc55e0a36d9b645ae5b4fbd036b1518055
                                                                                              • Instruction Fuzzy Hash: A6F055326083008FC7057B78A8101A93BA2EA8139834049BAD009CF2A8DF69D947E381
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90839 Relevance: .0, Instructions: 17COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 952960a41a336c78df052e16dcf6d04e25feda39448c0af6fddca3fc1526c29d
                                                                                              • Instruction ID: d10986be408bdbe1b04dd8269da08d7c7801d2500d92389b205f692cc4bda4d6
                                                                                              • Opcode Fuzzy Hash: 952960a41a336c78df052e16dcf6d04e25feda39448c0af6fddca3fc1526c29d
                                                                                              • Instruction Fuzzy Hash: 63E046B404D2C94ECB12E738FD92B457F70BB02204F0942AAC4849F2BBC6A8664DDBD5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F99690 Relevance: .0, Instructions: 16COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 59dd75ea1fd8ca6b122ae18ecbe43918d19279fc13bd0ed2b88f41a669558368
                                                                                              • Instruction ID: 36562f2ea5319ca2e915d3648512cebe6a5482b6fc68d5c0e1042375b343daeb
                                                                                              • Opcode Fuzzy Hash: 59dd75ea1fd8ca6b122ae18ecbe43918d19279fc13bd0ed2b88f41a669558368
                                                                                              • Instruction Fuzzy Hash: CDD0A7316402085BCF14EFF4481116EBAD9DB44101B10499D944EC7204ED35DE000792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F996D0 Relevance: .0, Instructions: 14COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b5125be5f262a9b5c37e3170536c8a7c462f613efba3db887e3d37595149ce02
                                                                                              • Instruction ID: eb1d4597c3064f93c7f8283c01627f8cd76abf2b241634a936ca890cb111e214
                                                                                              • Opcode Fuzzy Hash: b5125be5f262a9b5c37e3170536c8a7c462f613efba3db887e3d37595149ce02
                                                                                              • Instruction Fuzzy Hash: 5DD012317023148BCF142B7AA90C06977D9EB8912332104FDE80EC3714DE7ACC0187C0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00F90848 Relevance: .0, Instructions: 12COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.2188189949.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_f90000_Java update.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 811e2aee828e6ef1b8d875cf4ae4a8effc027eb394439ac623b5e3bcc9539abd
                                                                                              • Instruction ID: 6a11e84bc263edd24ee42720a13944c9d12fabc9d4b507b5b69772bf1b610795
                                                                                              • Opcode Fuzzy Hash: 811e2aee828e6ef1b8d875cf4ae4a8effc027eb394439ac623b5e3bcc9539abd
                                                                                              • Instruction Fuzzy Hash: 66D052B40182898ECA02FB28FA867017F58F300208F404160D1480F23ECBA8B4088BD8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%